Firebox Configuration Report

The document provides a detailed configuration report of a Firebox device. It includes sections on the device's network configuration, firewall policies, subscription services, authentication settings, VPN configuration, and system settings. The network section lists the interfaces, IP addresses, VLANs, and other network details of the Firebox device.

Uploaded by Enrico Aderhold

Firebox Configuration Report https://172.17.0.7:8080/system/configuration

Firebox Configuration Report


Copyright © 2012-2015 WatchGuard Technologies, Inc. All Rights Reserved.

Contents

1 Network
1-1 Interfaces
1-2 ARP Entries
1-3 Link Aggregation
1-4 VLAN
1-5 Bridge
1-6 Loopback
1-7 Multi-WAN
1-8 SD-WAN
1-9 Link Monitor
1-10 Dynamic DNS
1-11 NAT
1-12 Routes
1-13 Dynamic Routing
1-14 Multicast Routing
1-15 Gateway Wireless Controller
1-16 Modem
1-17 Wireless

2 Firewall
2-1 Firewall Policies
2-2 Firewall Policies Details
2-3 Mobile VPN Policies
2-4 Aliases
2-5 Proxy Action
2-6 Content Action
2-7 TLS Profiles
2-8 Traffic Management
2-9 Scheduling
2-10 SNAT
2-11 Default Packet Handling
2-12 Blocked Sites
2-13 Blocked Ports
2-14 Quotas

3 Subscription Services
3-1 Application Control
3-2 WebBlocker
3-3 spamBlocker
3-4 Gateway AV
3-5 IntelligentAV
3-6 Geolocation Blocking
3-7 IPS
3-8 Quarantine Server
3-9 Reputation Enabled Defense
3-10 Botnet Detection
3-11 Data Loss Prevention
3-12 APT Blocker
3-13 Threat Detection
3-14 Mobile Security
3-15 Network Discovery
3-16 Access Portal
3-17 File Exception

4 Authentication
4-1 Hotspot
4-2 Servers
4-3 Settings
4-4 Users and Groups
4-5 Single Sign-On
4-6 Terminal Services

5 VPN
5-1 Branch Office Gateways
5-2 Branch Office Tunnels
5-3 BOVPN Virtual Interfaces
5-4 Phase2 Proposals
5-5 IKEv2 Shared Settings
5-6 Mobile VPN with IPSec
5-7 Mobile VPN with SSL
5-8 Mobile VPN with L2TP
5-9 VPN Settings

6 System
6-1 Information
6-2 NTP
6-3 SNMP
6-4 NetFlow
6-5 WatchGuard Cloud
6-6 Managed Device
6-7 Logging
6-8 Diagnostic Log
6-9 Global Settings
6-10 Technology Integrations
6-11 Logon Disclaimer
6-12 Users and Roles
6-13 FireCluster

Firebox Configuration Report


Model: M690
Date: 11/26/2023

Configuration

1. Network

1-1 Interfaces

Network Configuration
Configuration Interface in Mixed Routing Mode.

Interface Type Name (Alias) IPv4 Address IPv6 Address Description


0 Disabled Cluster_Interface 0.0.0.0/24
1 Trusted S+S LAN 172.17.0.7/16
2 Trusted S+S DMZ 192.168.200.7/24 DMZ
3 Disabled Optional-2 0.0.0.0/24
4 Trusted DMZ-WLAN 172.31.252.254/24 DMZ-WLAN-VLAN6-zum_surfen
5 Trusted IPPhone 172.29.254.254/16 VLAN88 fuer Telefonie
6 External T-Com_WAN 80.156.231.138/29 2003:41:C02D:0:0:0:0:3/48 T-Com_WAN
7 Trusted SuS_Labor 192.17.1.7/24 ESX Labor Umgebung
8 Link Aggregation Uplink-Core Uplink-Core
9 - Optional-8 169.254.0.1/30
10 Disabled Optional-9 0.0.0.0/24
11 Disabled Optional-10 0.0.0.0/24
12 Disabled Optional-11 0.0.0.0/24
13 Disabled Optional-12 0.0.0.0/24
14 Disabled Optional-13 0.0.0.0/24
15 Disabled Optional-14 0.0.0.0/24
16 Disabled Optional-15 0.0.0.0/24
17 Disabled Optional-16 0.0.0.0/24
18 Disabled Optional-17 0.0.0.0/24
19 Disabled Optional-18 0.0.0.0/24

Domain Name bb.schillseilacher.de


DNS Server 172.17.0.50, 172.17.0.60
WINS Server 172.17.0.50, 172.17.0.60

Interface Details

Interface 0 [ Cluster_Interface ]
Secondary IP Address None
MAC Address None
Traffic Management Outgoing Interface Bandwidth [ Unlimited ]
Marking Type [ IP Precedence ]
QoS Marking Method [ Preserve ]
Prioritize traffic based on QoS Marking [ Disabled ]

Interface 1 [ S+S LAN ]


Secondary IP Address None
MAC Address None
Traffic Management Outgoing Interface Bandwidth [ Unlimited ]
Marking Type [ IP Precedence ]
QoS Marking Method [ Preserve ]
Prioritize traffic based on QoS Marking [ Disabled ]

Interface 2 [ S+S DMZ ]


Secondary IP Address None
MAC Address None
Traffic Management Outgoing Interface Bandwidth [ Unlimited ]
Marking Type [ IP Precedence ]
QoS Marking Method [ Preserve ]
Prioritize traffic based on QoS Marking [ Disabled ]

Interface 3 [ Optional-2 ]
Secondary IP Address None
MAC Address None
Traffic Management Outgoing Interface Bandwidth [ Unlimited ]
Marking Type [ IP Precedence ]
QoS Marking Method [ Preserve ]
Prioritize traffic based on QoS Marking [ Disabled ]

Interface 4 [ DMZ-WLAN ]
Secondary IP Address None
MAC Address None
Traffic Management Outgoing Interface Bandwidth [ Unlimited ]
Marking Type [ IP Precedence ]
QoS Marking Method [ Preserve ]
Prioritize traffic based on QoS Marking [ Disabled ]
Mode DHCP Server
Domain Name None
Lease Time 1 day
DHCP Address Pool 172.31.252.1 - 172.31.252.250
Reserved Address Pool None
DNS Server None
WINS Server None

Interface 5 [ IPPhone ]
Secondary IP Address None
MAC Address None
Traffic Management Outgoing Interface Bandwidth [ Unlimited ]
Marking Type [ IP Precedence ]
QoS Marking Method [ Preserve ]
Prioritize traffic based on QoS Marking [ Disabled ]
Mode DHCP Relay
DHCP
IP Address 172.17.0.83

Interface 6 [ T-Com_WAN ]
Secondary IP Address 80.156.231.140/29, 80.156.231.141/29
MAC Address None
Traffic Management Outgoing Interface Bandwidth [ Unlimited ]
Marking Type [ IP Precedence ]
QoS Marking Method [ Preserve ]
Prioritize traffic based on QoS Marking [ Disabled ]
IP Address 2003:41:C02D:0:0:0:0:3/48
HOP Limit 64
IPv6 DAD Transmit 1
Send Advertisement
M Flag
O Flag
Default Lifetime
Maximum Interval
Minimal Interval

Interface 7 [ SuS_Labor ]
Secondary IP Address None
MAC Address None
Traffic Management Outgoing Interface Bandwidth [ Unlimited ]
Marking Type [ IP Precedence ]
QoS Marking Method [ Preserve ]
Prioritize traffic based on QoS Marking [ Disabled ]

Interface 8 [ Uplink-Core ]
Secondary IP Address None
MAC Address None
Traffic Management Outgoing Interface Bandwidth [ Unlimited ]
Marking Type [ IP Precedence ]
QoS Marking Method [ Preserve ]
Prioritize traffic based on QoS Marking [ Disabled ]

Interface 9 [ Optional-8 ]
Secondary IP Address None
MAC Address None
Traffic Management Outgoing Interface Bandwidth [ Unlimited ]
Marking Type [ IP Precedence ]
QoS Marking Method [ Preserve ]
Prioritize traffic based on QoS Marking [ Disabled ]

Interface 10 [ Optional-9 ]
Secondary IP Address None
MAC Address None
Traffic Management Outgoing Interface Bandwidth [ Unlimited ]
Marking Type [ IP Precedence ]
QoS Marking Method [ Preserve ]
Prioritize traffic based on QoS Marking [ Disabled ]

Interface 11 [ Optional-10 ]
Secondary IP Address None
MAC Address None
Traffic Management Outgoing Interface Bandwidth [ Unlimited ]
Marking Type [ IP Precedence ]
QoS Marking Method [ Preserve ]
Prioritize traffic based on QoS Marking [ Disabled ]

Interface 12 [ Optional-11 ]
Secondary IP Address None
MAC Address None
Traffic Management Outgoing Interface Bandwidth [ Unlimited ]
Marking Type [ IP Precedence ]
QoS Marking Method [ Preserve ]
Prioritize traffic based on QoS Marking [ Disabled ]

Interface 13 [ Optional-12 ]
Secondary IP Address None
MAC Address None
Traffic Management Outgoing Interface Bandwidth [ Unlimited ]
Marking Type [ IP Precedence ]
QoS Marking Method [ Preserve ]
Prioritize traffic based on QoS Marking [ Disabled ]

Interface 14 [ Optional-13 ]
Secondary IP Address None
MAC Address None
Traffic Management Outgoing Interface Bandwidth [ Unlimited ]
Marking Type [ IP Precedence ]
QoS Marking Method [ Preserve ]
Prioritize traffic based on QoS Marking [ Disabled ]

Interface 15 [ Optional-14 ]
Secondary IP Address None
MAC Address None
Traffic Management Outgoing Interface Bandwidth [ Unlimited ]
Marking Type [ IP Precedence ]
QoS Marking Method [ Preserve ]
Prioritize traffic based on QoS Marking [ Disabled ]

Interface 16 [ Optional-15 ]
Secondary IP Address None
MAC Address None
Traffic Management Outgoing Interface Bandwidth [ Unlimited ]
Marking Type [ IP Precedence ]
QoS Marking Method [ Preserve ]
Prioritize traffic based on QoS Marking [ Disabled ]

Interface 17 [ Optional-16 ]
Secondary IP Address None
MAC Address None
Traffic Management Outgoing Interface Bandwidth [ Unlimited ]
Marking Type [ IP Precedence ]
QoS Marking Method [ Preserve ]
Prioritize traffic based on QoS Marking [ Disabled ]

Interface 18 [ Optional-17 ]
Secondary IP Address None
MAC Address None
Traffic Management Outgoing Interface Bandwidth [ Unlimited ]
Marking Type [ IP Precedence ]
QoS Marking Method [ Preserve ]
Prioritize traffic based on QoS Marking [ Disabled ]

Interface 19 [ Optional-18 ]
Secondary IP Address None
MAC Address None
Traffic Management Outgoing Interface Bandwidth [ Unlimited ]
Marking Type [ IP Precedence ]
QoS Marking Method [ Preserve ]
Prioritize traffic based on QoS Marking [ Disabled ]

1-2 ARP Entries


Disabled

1-3 Link Aggregation

Link Aggregation Settings


Name Type IPv4 Address IPv6 Address Interfaces
Uplink-Cores VLAN 0.0.0.0 8

Link Aggregation Details [ Uplink-Cores ]


Link Aggregation Interface
Name Uplink-Cores
Description Uplink-Cores
Mode Static
Type VLAN
IPv4 0.0.0.0/0

1-4 VLAN

VLAN
ID Alias Zone IP Address DHCP Address Pool Interface
5 Funk-Scan-Kiosk-DMZ Trusted 172.31.253.254 /24 Enabled 172.31.253.1 - 172.31.253.200 bond0
800 Guest Custom 100.94.255.250 /16 Enabled 100.94.0.1 - 100.94.250.0 bond0
999 Management Trusted 10.100.254.1 /24 Disabled bond0

VLAN Details [ Funk-Scan-Kiosk-DMZ ]


VLAN Configuration
Name Funk-Scan-Kiosk-DMZ
Description
Type Trusted
VLAN ID 5
IPv4 172.31.253.254/24
DHCP Mode DHCP Server
Network Lease Time 8 hours
Address Pool 172.31.253.1 - 172.31.253.200

VLAN Details [ Guest ]


VLAN Configuration
Name Guest
Description Guest
Type Custom
VLAN ID 800
IPv4 100.94.255.250/16

DHCP Mode DHCP Server


Domain guest.schillseilacher.de
Lease Time 1 hour
Network
Address Pool 100.94.0.1 - 100.94.250.0
DNS Server 8.8.8.8, 8.8.4.4, 1.1.1.1

VLAN Details [ Management ]


VLAN Configuration
Name Management
Description Management
Type Trusted
VLAN ID 999
IPv4 10.100.254.1/24
Network DHCP Mode Disabled

1-5 Bridge
Disabled

1-6 Loopback
Disabled

1-7 Multi-WAN
Disabled

1-8 SD-WAN
Disabled

1-9 Link Monitor


Disabled

1-10 Dynamic DNS


Disabled

1-11 NAT

Dynamic NAT
From To
172.17.0.0/16 Any-External
192.168.0.0/16 Any-External
DMZ-WLAN Any-External
DarkTrace_Netz Any-External

1-to-1 NAT
Interface Type NAT Base Real Base
T-Com_WAN IP Range 80.156.231.140 - 80.156.231.140 192.168.200.15 - 192.168.200.15

1-12 Routes

Routes
Route To Gateway Distance
10.0.91.0 /28 172.17.0.7 1
10.0.91.16 /28 172.17.15.3 1
10.81.234.0 /24 172.17.15.1 1
172.16.0.0 /16 172.17.15.1 1
172.17.0.0 /16 172.17.0.7 1
172.18.0.0 /16 172.17.15.1 1
172.19.0.0 /16 172.17.15.1 1
172.20.0.0 /16 172.17.15.1 1
172.21.0.0 /16 172.17.15.1 1
172.29.0.0 /32 172.29.254.254 1
172.31.252.0 /24 172.31.252.254 1
172.31.253.0 /24 172.31.253.254 1
172.31.254.0 /24 172.17.15.3 1
192.168.200.11 /32 192.168.200.7 1
192.168.81.0 /24 172.17.15.1 1
192.17.1.0 /24 192.17.1.7 1
194.31.221.33 /32 172.17.15.1 1
194.31.221.35 /32 172.17.15.1 1
80.67.237.159 /32 172.17.0.7 1
80.67.237.238 /32 172.17.0.7 1

1-13 Dynamic Routing


Disabled

1-14 Multicast Routing


Disabled

1-15 Gateway Wireless Controller


Disabled

1-16 Modem
Disabled

1-17 Wireless
M690 does not have wireless capabilities.

2. Firewall

2-1 Firewall Policies

Firewall Policies
Order Status Action Policy Name Log Alarm From To Port
1 Enabled Allow SSH.2 Disabled Disabled S+S LAN Management TCP:22
2 Enabled Allow SSH.1 Disabled Disabled Management Any TCP:22
3 Enabled Allow TFTP.1 Disabled Disabled Management S+S LAN UDP:69
4 Enabled Allow SNMP.2 Disabled Disabled Management 172.17.0.230 UDP:161

SUS_LAN SuS Server


SUS_DMZ SUS_LAN
5 Enabled Allow SNMP Enabled Disabled UDP:161
SuS Server SUS_DMZ
vLan_99 vLan_99
6 Enabled Allow SNMP.1 Disabled Disabled 172.17.0.230 Management UDP:161
216.239.35.4
Management 216.239.35.0 TCP:123
7 Enabled Allow NTP.1 Disabled Disabled
172.17.0.44 216.239.35.8 UDP:123
216.239.35.12
TCP:25
8 Enabled Allow Exchange365 Enabled Disabled ExchangeOnline-IP-Bereich 80.156.231.138-->172.17.0.103
TCP:443
9 Enabled Allow Access Disabled Disabled Management 172.17.0.230 Any
10 Enabled Allow Access.1 Disabled Disabled 172.17.0.230 Management Any
Nagarro DEFRA
11 Enabled Allow BOVPN-Allow.out Disabled Disabled Any tunnel.1 Any
Lobster-DATA-Live238_Stage159
12 Enabled Allow Dakoso_Vpn.out Disabled Disabled Any Dacoso_Darktrace_VPN Any
13 Enabled Allow Lobster_VPN.out Disabled Disabled Any Lobster-DATA-Live238_Stage159 Any
14 Enabled Allow SAP_VPN_Nagarro_.out Disabled Disabled Any Nagarro DEFRA Any
15 Enabled Proxy TEN-IT_VPN_DATA_DOMAIN.out Enabled Disabled 172.17.1.0/255.255.255.0 tunnel.1 TCP:443
16 Enabled Allow Any_fuer_PC131-10_PC061_PC151 Enabled Disabled Admin-PC Any Any
S+S LAN S+S LAN
17 Enabled Allow Innerhalb SuS alles frei Disabled Disabled SUS_LAN SUS_LAN Any
radius.bb.schillseilacher.de radius.bb.schillseilacher.de
18 Disabled Allow Any_fuer_GLG Disabled Disabled 172.17.21.75 T-Com_WAN Any
19 Enabled Allow Any_On_Way_Labor Enabled Disabled Admin-PC-Alle SuS-Labor Any
172.17.1.200 Any-External
20 Enabled Allow Ports_Data_Domain_Rep Enabled Disabled TCP:2051
Any-External 172.17.1.200
21 Enabled Allow FTP Disabled Disabled S+S LAN Any-External TCP:21
22 Enabled Allow SFTP Enabled Disabled BCD Travel User Any TCP:22
23 Enabled Allow SSH_zum_Finanzamt Disabled Disabled S+S LAN 80.245.147.91 TCP:22
24 Enabled Allow SFTP zu Eckardt Disabled Disabled 172.17.0.39 78.46.133.97 TCP:22
172.17.22.131
25 Enabled Allow SFTP zu Dakosy Disabled Disabled 172.17.0.9 195.244.0.70 TCP:2222
172.17.0.39
IPPhone S+S LAN
26 Enabled Allow SSH Enabled Disabled TCP:22
S+S LAN IPPhone
S+S DMZ
27 Enabled Allow SSH zu DMZ Enabled Disabled S+S LAN SUS_DMZ TCP:22
SuS-Labor
DELL_Supp_assi_port DELL_Supp_assi_port TCP:8443
28 Enabled Allow SSH-8443 DELL Disabled Disabled
ESX_SC_Supp_assi ESX_SC_Supp_assi TCP:22
ESX_SC_Supp_assi ESX_SC_Supp_assi
29 Enabled Allow SSH DELL Compellent Enabled Disabled TCP:22
DELL_Supp_assi_port DELL_Supp_assi_port
30 Enabled Allow Barcodescanner_Telnet Disabled Disabled Funk-Scan-Kiosk-DMZ 172.17.0.1 TCP:23
TCP:8961
192.168.200.15 192.168.200.15
TCP:1352
31 Enabled Allow CMN-DO02 Enabled Disabled 172.17.0.2 172.17.0.2
UDP:1352
172.17.0.103~172.17.0.105 172.17.0.103~172.17.0.105
UDP:8961
32 Enabled Allow Alarm-Server Port Disabled Disabled Any-External 80.156.231.138-->172.17.1.5 TCP:22223
62.245.148.8
TCP:25
33 Disabled Proxy SMTP-in-proxy Disabled Disabled 62.245.148.9 80.156.231.138-->172.17.0.2
TCP:465
94.199.89.34
34 Enabled Allow SMTP-Ferarri-Fax Disabled Disabled 172.17.0.111 schillseilacher0365.mail.protection.outlook.com TCP:25
62.245.148.8
62.245.148.9
94.199.89.34
35 Enabled Allow SMTP_in Disabled Disabled 80.156.231.138-->172.17.0.2 TCP:25
94.199.92.185
94.199.92.188~94.199.92.191
94.199.92.177~94.199.92.182
S+S DMZ
36 Enabled Allow SMTP_DMZ_zu_LAN Disabled Disabled S+S LAN TCP:25
SUS_DMZ
172.17.0.2
37 Disabled Proxy SMTP-out-proxy Disabled Disabled Any-External TCP:25
172.17.0.43
Domino-SRV
38 Enabled Allow SMTP_Out Disabled Disabled Any-External TCP:25
172.17.0.103
39 Enabled Allow SMTP_dmzWLAN Disabled Disabled DMZ-WLAN Any-External TCP:25
IPPhone IPPhone
40 Enabled Allow DHCP-Server Enabled Disabled UDP:67
172.17.0.83 172.17.0.83
IPPhone 172.17.0.83
41 Enabled Allow TFTP Enabled Disabled UDP:69
172.17.0.83 IPPhone
42 Disabled Allow WatchGuard AcssesPortal SSLVPN Enabled Disabled Any-External --> TCP:443
TCP:65263
43 Enabled Allow Luja_PNA_Ports Enabled Disabled PNA_Port_Freigabe T-Com_WAN TCP:4000
TCP:4321
S+S DMZ
44 Enabled Allow HTTP_DMZ_LAN Disabled Disabled S+S LAN TCP:80
SUS_DMZ
S+S DMZ
45 Enabled Allow HTTP_zu_DMZ Enabled Disabled Any-Trusted TCP:80
SUS_DMZ
46 Enabled Allow HTTP in T Webmailer Disabled Disabled Any-External 80.156.231.140-->192.168.200.15 TCP:80
47 Enabled Allow HTTP_dmzWLAN_intranet Disabled Disabled DMZ-WLAN 172.17.0.22 TCP:80
172.17.21.149
48 Enabled Proxy HTTP-proxy.GLG Disabled Disabled T-Com_WAN TCP:80
172.17.21.75
49 Enabled Allow HTTP-Kiosk_zu_Intranet Disabled Disabled Funk-Scan-Kiosk-DMZ S+S LAN TCP:80
50 Enabled Proxy HTTP-proxy-Wachter Enabled Disabled MuK Any-External TCP:80
51 Enabled Proxy HTTP-proxy-KIOSKPC Disabled Disabled KIOSKPC Any-External TCP:80
S+S DMZ
DMZ-WLAN
52 Enabled Proxy HTTP-proxy Disabled Disabled VPN-Benutzer Any-External TCP:80
vLan_99
SUS_LAN
53 Enabled Denied HTTP-Deny Enabled Disabled SUS_LAN Any-External TCP:80
54 Enabled Allow POP3_dmzWLAN Disabled Disabled DMZ-WLAN Any-External TCP:110
55 Enabled Allow IMAP_dmzWLAN Disabled Disabled DMZ-WLAN Any-External TCP:143
172.17.0.22
56 Enabled Allow SNMP-von DESSBLX022 Disabled Disabled Firebox UDP:161
172.17.0.52
57 Enabled Allow Z39-50_SciFinder Disabled Disabled S+S LAN Any-External TCP:210
TCP:389
UDP:389
TCP:49769
TCP:445
TCP:49783
SUS_DMZ SUS_DMZ
58 Enabled Allow DMZ-AD-Anbindung Enabled Disabled TCP:88
SUS_LAN SUS_LAN
TCP:135
TCP:49668
TCP:49674
TCP:49669
TCP:8027
S+S DMZ
59 Enabled Allow LDAP fuer DMZ Disabled Disabled S+S LAN TCP:389
SUS_DMZ
172.17.0.45 172.17.0.45
60 Enabled Allow Helpdesk-Port Enabled Disabled TCP:8383
192.168.200.1 192.168.200.1
61 Enabled Proxy HTTPS-in-140-DMZ Disabled Disabled Any-External 80.156.231.140-->192.168.200.15 TCP:443
62 Disabled Proxy HTTPS-proxy-AV.Webmailer Disabled Disabled Any-External 80.156.231.140-->192.168.200.15 TCP:443
63 Disabled Allow HTTPS in T Webmailer Disabled Disabled Any-External 80.156.231.140-->192.168.200.15 TCP:443
64 Enabled Proxy HTTPS-in-141-DMZ Disabled Disabled Any-External 80.156.231.141-->192.168.200.20 TCP:443
65 Disabled Allow HTTPS in Mobileiron Disabled Disabled Any-External 80.156.231.141-->192.168.200.20 TCP:443
217.8.57.160 S+S DMZ
66 Enabled Allow HTTPS Sentry in Enabled Disabled TCP:8443
217.91.174.143 SUS_DMZ
69.90.213.47
S+S DMZ
67 Enabled Allow HTTPS mobileiron.com Enabled Disabled 72.51.53.5 TCP:443
SUS_DMZ
72.51.53.6
172.17.21.75
68 Enabled Proxy HTTPS-proxy_GLG Disabled Disabled T-Com_WAN TCP:443
172.17.21.149

S+S LAN S+S DMZ


69 Enabled Allow HTTPS-DMZ-LAN Enabled Disabled S+S DMZ S+S LAN TCP:443
SUS_DMZ SUS_DMZ
S+S DMZ
70 Enabled Allow HTTPS_dmzWLAN Enabled Disabled DMZ-WLAN TCP:443
SUS_DMZ
71 Enabled Allow HTTPS_ESRS Disabled Disabled 172.17.0.201 Any-External TCP:443
72 Enabled Proxy HTTPS-proxy.Wachter Enabled Disabled MuK Any-External TCP:443
73 Enabled Proxy HTTPS-proxy-KIOSKPC Disabled Disabled KIOSKPC Any-External TCP:443
S+S DMZ
DMZ-WLAN
74 Enabled Proxy HTTPS-proxy Disabled Disabled VPN-Benutzer Any-External TCP:443
vLan_99
SUS_LAN
75 Enabled Allow HTTPS_ESX_SC_Support_Assistent Enabled Disabled ESX_SC_Supp_assi DELL_Supp_assi_port TCP:443
76 Enabled Allow CWS Repair APP Port 2403 Disabled Disabled DMZ-WLAN Any-External TCP:2403
77 Enabled Denied HTTPS-Deny Enabled Disabled Any Any-External TCP:443
78 Enabled Allow SMTP-SSL_dmzWLAN Disabled Disabled DMZ-WLAN Any-External TCP:465
79 Enabled Allow IMAP-SSL_dmzWLAN Disabled Disabled DMZ-WLAN Any-External TCP:993
80 Enabled Allow OpenVPN Port 1194 Disabled Disabled DMZ-WLAN Any-External TCP:1194
81 Enabled Allow Gast-Wlan-Port 8443 Enabled Disabled DMZ-WLAN Any-External TCP:8443
82 Disabled Allow Groupwise_in Disabled Disabled 172.16.25.248 S+S LAN TCP:1677
172.16.25.248
83 Disabled Allow Groupwise_out Disabled Disabled S+S LAN TCP:1677
Any-External
172.17.0.19
84 Enabled Allow Barcodescanner_Lizenzserver Disabled Disabled Funk-Scan-Kiosk-DMZ UDP:1820
172.17.0.9
85 Enabled Allow HBCI_fuer_SFirm Disabled Disabled S+S LAN Any-External TCP:3000
S+S DMZ 93.186.25.33
86 Enabled Allow SRP BlackBerry Enabled Disabled TCP:3101
SUS_DMZ 193.109.81.33
S+S DMZ
Funk-Scan-Kiosk-DMZ
S+S LAN
87 Enabled Allow RDP Enabled Disabled SUS_LAN TCP:3389
SUS_DMZ
SUS_DMZ
SuS-Labor
S+S DMZ
88 Enabled Allow HTTPS zu DMZ Enabled Disabled Any-Trusted TCP:3443
SUS_DMZ
Any-Trusted
89 Enabled Allow WatchGuard Authentication Disabled Disabled Firebox TCP:4100
Any-Optional
Any-Trusted
90 Enabled Allow WatchGuard Certificate Portal Disabled Disabled Firebox TCP:4126
Any-Optional
91 Enabled Allow Apple APN Port 5223 Disabled Disabled DMZ-WLAN 17.0.0.0/255.0.0.0 TCP:5223
92 Enabled Allow Google C2DM Port 5228 Disabled Disabled DMZ-WLAN Any-External TCP:5228
S+S LAN Funk-Scan-Kiosk-DMZ
93 Enabled Allow ManageEngine Port 8020 Disabled Disabled TCP:8020
Funk-Scan-Kiosk-DMZ S+S LAN
94 Enabled Allow ManageEngine Port 8027 Disabled Disabled Funk-Scan-Kiosk-DMZ S+S LAN TCP:8027
S+S LAN Funk-Scan-Kiosk-DMZ
95 Enabled Allow ManageEnginePort8031 Disabled Disabled TCP:8031
Funk-Scan-Kiosk-DMZ S+S LAN
96 Disabled Allow HTTP 8080 in Mobileiron Disabled Disabled Any-External 80.156.231.141-->192.168.200.20 TCP:8080
Any-Trusted
97 Enabled Allow WatchGuard Web UI Disabled Disabled Firebox TCP:8080
Any-Optional
S+S LAN Funk-Scan-Kiosk-DMZ
98 Enabled Allow ManageEnginePort8443 Disabled Disabled TCP:8443
Funk-Scan-Kiosk-DMZ S+S LAN
S+S DMZ
99 Enabled Allow HTTPS Sentry Enabled Disabled Any-Trusted TCP:8443
SUS_DMZ
100 Enabled Allow Port8443 Disabled Disabled 172.17.22.131 Any-External TCP:8443
101 Enabled Allow Port8443-ESRS Disabled Disabled 172.17.0.201 Any-External TCP:8443
S+S DMZ
102 Enabled Allow Traveler-Sync_DMZ_zu_LAN Enabled Disabled S+S LAN TCP:8642
SUS_DMZ
S+S DMZ
103 Enabled Allow Traveler-Sync_dmzWLAN_zuDMZ Enabled Disabled DMZ-WLAN TCP:8642
SUS_DMZ
S+S DMZ
104 Enabled Allow Traveler-Sync_WAN_zu_DMZ Enabled Disabled Any-External TCP:8642
SUS_DMZ
105 Enabled Allow Port 9001 Disabled Disabled S+S LAN Any-External TCP:9001
TCP:445
192.168.200.21 172.17.0.30 UDP:445
106 Enabled Allow SMB-MobileIron-Fileserver Disabled Disabled
192.168.200.20 172.17.0.63 UDP:137-138
TCP:139
107 Enabled Allow Port9443-ESRS Disabled Disabled 172.17.0.201 Any-External TCP:9443
108 Enabled Allow Port 9997 Mobileiron Disabled Disabled Any-External 80.156.231.141-->192.168.200.20 TCP:9997
S+S DMZ
109 Enabled Allow Port 9997 MobIron.WLAN Enabled Disabled DMZ-WLAN TCP:9997
SUS_DMZ
S+S DMZ
110 Enabled Allow NagiosClient Enabled Disabled 172.17.0.22 TCP:12489
SUS_DMZ
111 Enabled Allow Port 51543 Disabled Disabled S+S LAN 141.47.248.3 TCP:51543
ICMP
112 Enabled Allow Ping Disabled Disabled Any-Trusted Any
IPv6-ICMP
Firebox
S+S DMZ 172.17.0.10
TCP:53
113 Enabled Allow DNS Enabled Disabled Any-Trusted 172.17.0.30
UDP:53
SUS_DMZ 172.17.0.50
172.17.0.60
TCP:53
114 Enabled Allow DNS.1 Disabled Disabled Any-Trusted Any-External
UDP:53
S+S DMZ
TCP:123
115 Enabled Allow NTP_DMZ Enabled Disabled Funk-Scan-Kiosk-DMZ S+S LAN
UDP:123
SUS_DMZ
TCP:123
116 Enabled Allow NTP Disabled Disabled Any-Trusted Firebox
UDP:123
TCP:123
117 Enabled Allow NTP_Extern Disabled Disabled 172.17.0.50 Any-External
UDP:123
172.17.0.2 82.135.18.168 TCP:1352
118 Enabled Allow Lotus-Notes_Retarus-Replik Disabled Disabled
172.17.0.43 82.135.18.169 UDP:1352
172.17.22.1
S+S DMZ TCP:1352
119 Enabled Allow Lotus-Notes_DMZ_zu_LAN Enabled Disabled 172.17.21.131
SUS_DMZ UDP:1352
Domino-SRV
S+S DMZ TCP:1352
120 Enabled Allow Lotus-Notes_LAN_zu_DMZ Enabled Disabled Any-Trusted
SUS_DMZ UDP:1352
S+S DMZ TCP:1352
121 Enabled Allow Lotus-Notes_WAN-zu_DMZ Enabled Disabled Any-External
SUS_DMZ UDP:1352
S+S DMZ
122 Enabled Allow Aplle MDM Enabled Disabled 17.0.0.0/255.0.0.0 TCP:2195-2196
SUS_DMZ
TCP:8000
123 Enabled Allow Elster Disabled Disabled S+S LAN Any-External
UDP:8000
UDP:4500
S+S LAN ESP:Any
124 Enabled Allow IPSec Disabled Disabled T-Com_WAN
DMZ-WLAN AH:Any
UDP:500
TCP:4103
TCP:4105
125 Enabled Allow WatchGuard Disabled Disabled zugriff-Firewall Firebox
TCP:4117
TCP:4118
TCP:692
126 Enabled Allow Barracuda VPN Disabled Disabled DMZ-WLAN T-Com_WAN UDP:691
TCP:801-820
UDP:32000-32640
TCP:7
TCP:67-69
TCP:80
TCP:443
TCP:10010
TCP:49712
IPPhone S+S LAN TCP:19533-19535
127 Enabled Allow AlcatelTelefon Enabled Disabled
S+S LAN IPPhone UDP:32514-32770
TCP:124
TCP:5060
UDP:5060
UDP:10946-10947
UDP:15530-15531
UDP:10266-10267
UDP:10208-10209

UDP:32768-65000
UDP:16384-32767
vLan_99 vLan_99
S+S LAN S+S LAN
128 Enabled Allow SNMP-Trap Enabled Disabled UDP:162
S+S DMZ S+S DMZ
SUS_DMZ SUS_DMZ
TCP:2051
129 Enabled Allow DATA_Domain_REP_Port Enabled Disabled Any-Trusted 172.17.1.200 TCP:3009
UDP:2051
S+S LAN S+S LAN TCP:49152-65535
130 Disabled Allow DellPerfomance Disabled Disabled
S+S DMZ S+S DMZ TCP:135
UDP:3478-3481
131 Enabled Allow SkypeBuisiness Disabled Disabled S+S LAN T-Com_WAN UDP:50000-60000
TCP:50000-60000
132 Enabled Proxy TEN-IT_VPN_DATA_DOMAIN.in Enabled Disabled tunnel.1 172.17.1.0/255.255.255.0 TCP:443
133 Enabled Allow Dakoso_Vpn.in Disabled Disabled Dacoso_Darktrace_VPN Any Any
134 Enabled Allow Lobster_VPN.in Disabled Disabled Lobster-DATA-Live238_Stage159 Any Any
135 Enabled Allow SAP_VPN_Nagarro_.in Disabled Disabled Nagarro DEFRA Any Any
Nagarro DEFRA
136 Enabled Allow BOVPN-Allow.in Disabled Disabled tunnel.1 Any Any
Lobster-DATA-Live238_Stage159

2-2 Firewall Policies Details

SSH.2
Status Action From To
Enabled Allow S+S LAN Management

Protocol SSH
Port TCP:22
Comment Policy added on 2023-11-23T17:37:28+01:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SSH.1
Status Action From To
Enabled Allow Management Any

Protocol SSH
Port TCP:22
Comment Policy added on 2023-11-23T17:36:02+01:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

TFTP.1
Status Action From To
Enabled Allow Management S+S LAN

Protocol TFTP
Port UDP:69
Comment Policy added on 2023-11-23T17:42:30+01:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SNMP.2
Status Action From To
Enabled Allow Management 172.17.0.230

Protocol SNMP
Port UDP:161
Comment Policy added on 2023-11-24T13:39:38+01:00.
Proxy Action
Send Log Messages Disabled
Properties Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On

Forward Action None


Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SNMP
Status Action From To
SUS_LAN SuS Server
SUS_DMZ SUS_LAN
Enabled Allow
SuS Server SUS_DMZ
vLan_99 vLan_99

Protocol SNMP
Port UDP:161
Comment Policy added on 2022-05-30T18:33:48+02:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Disabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SNMP.1
Status Action From To
Enabled Allow 172.17.0.230 Management

Protocol SNMP
Port UDP:161
Comment Policy added on 2023-11-24T13:19:38+01:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

NTP.1
Status Action From To
216.239.35.4
Management 216.239.35.0
Enabled Allow
172.17.0.44 216.239.35.8
216.239.35.12

Protocol NTP
TCP:123
Port UDP:123
Comment Policy added on 2023-11-24T09:47:47+01:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Properties Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Exchange365
Status Action From To
Enabled Allow ExchangeOnline-IP-Bereich Exchange365.snat

Protocol Exchange365
TCP:25
Port TCP:443
Comment Policy added on 2022-05-13T11:22:20+02:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Properties Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Disabled
NAT
Dynamic NAT Use Network NAT Settings

QoS Override per-interface settings Disabled


Sticky Connection Override Multi-WAN sticky connection setting Enabled

Access
Status Action From To
Enabled Allow Management 172.17.0.230

Protocol Any
Port Any
Comment Policy added on 2023-11-24T15:27:22+01:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Access.1
Status Action From To
Enabled Allow 172.17.0.230 Management

Protocol Any
Port Any
Comment Policy added on 2023-11-24T15:55:30+01:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

BOVPN-Allow.out
Status Action From To
Nagarro DEFRA
Enabled Allow Any tunnel.1
Lobster-DATA-Live238_Stage159

Protocol Any
Port Any
Comment Policy added on 2022-04-04T13:56:54+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Dakoso_Vpn.out
Status Action From To
Enabled Allow Any Dacoso_Darktrace_VPN

Protocol Any
Port Any
Comment Created by BOVPN Policy Wizard
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Lobster_VPN.out
Status Action From To
Enabled Allow Any Lobster-DATA-Live238_Stage159

Protocol Any
Port Any
Properties
Comment Created by BOVPN Policy Wizard
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SAP_VPN_Nagarro_.out
Status Action From To
Enabled Allow Any Nagarro DEFRA

Protocol Any
Port Any
Comment Created by BOVPN Policy Wizard
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

TEN-IT_VPN_DATA_DOMAIN.out
Status Action From To
Enabled Proxy 172.17.1.0/255.255.255.0 tunnel.1

Protocol HTTPS-proxy
Port TCP:443
Comment Created by BOVPN Policy Wizard
Proxy Action HTTPS-Client.Standard
Send Log Messages Enabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Any_fuer_PC131-10_PC061_PC151
Status Action From To
Enabled Allow Admin-PC Any

Protocol Any
Port Any
Comment Policy added on 2019-02-18T08:34:03+01:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Innerhalb SuS alles frei
Status Action From To
S+S LAN S+S LAN
Enabled Allow SUS_LAN SUS_LAN
radius.bb.schillseilacher.de radius.bb.schillseilacher.de

Protocol Any
Port Any
Comment Policy added on 11.01.10 14:56.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
NAT 1-to-1 NAT Enabled
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Any_fuer_GLG
Status Action From To
Disabled Allow 172.17.21.75 T-Com_WAN

Protocol Any
Port Any
Comment Policy added on 2014-08-25T12:40:41+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Any_On_Way_Labor
Status Action From To
Enabled Allow Admin-PC-Alle SuS-Labor

Protocol Any
Port Any
Comment Policy added on 2022-11-07T18:44:24+01:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Disabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Ports_Data_Domain_Rep
Status Action From To
172.17.1.200 Any-External
Enabled Allow
Any-External 172.17.1.200

Protocol Ports_Data_Domain_Rep
Port TCP:2051
Comment Policy added on 2022-11-02T11:19:10+01:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

FTP
Status Action From To
Enabled Allow S+S LAN Any-External

Protocol FTP
Port TCP:21
Comment Policy added on 08.09.08 15:07.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SFTP
Status Action From To
Enabled Allow BCD Travel User Any

Protocol SFTP
Properties Port TCP:22
Comment Policy added on 2022-07-06T11:26:03+02:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SSH_zum_Finanzamt
Status Action From To
Enabled Allow S+S LAN 80.245.147.91

Protocol SSH
Port TCP:22
Comment Policy added on 20.07.10 12:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SFTP zu Eckardt
Status Action From To
Enabled Allow 172.17.0.39 78.46.133.97

Protocol SSH
Port TCP:22
Comment Policy added on 2021-08-02T16:14:25+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SFTP zu Dakosy
Status Action From To
172.17.22.131
Enabled Allow 172.17.0.9 195.244.0.70
172.17.0.39

Protocol SFTP 2222
Port TCP:2222
Comment Policy added on 2019-10-31T10:15:38+01:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SSH
Status Action From To
IPPhone S+S LAN
Enabled Allow
S+S LAN IPPhone

Protocol SSH
Port TCP:22
Comment Policy added on 2018-06-07T15:15:38+02:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Properties Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SSH zu DMZ
Status Action From To
S+S DMZ
Enabled Allow S+S LAN SUS_DMZ
SuS-Labor

Protocol SSH
Port TCP:22
Comment Policy added on 2013-10-07T15:31:52+02:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SSH-8443 DELL
Status Action From To
DELL_Supp_assi_port DELL_Supp_assi_port
Enabled Allow
ESX_SC_Supp_assi ESX_SC_Supp_assi

Protocol SSH-8443
TCP:8443
Port TCP:22
Comment Policy added on 2020-10-30T14:12:14+01:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Properties Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SSH DELL Compellent
Status Action From To
ESX_SC_Supp_assi ESX_SC_Supp_assi
Enabled Allow
DELL_Supp_assi_port DELL_Supp_assi_port

Protocol SSH
Port TCP:22
Comment Policy added on 2020-10-30T10:05:21+01:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Disabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Barcodescanner_Telnet
Status Action From To
Enabled Allow Funk-Scan-Kiosk-DMZ 172.17.0.1

Protocol Telnet
Port TCP:23
Comment Policy added on 11.03.10 11:53.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

CMN-DO02
Status Action From To
192.168.200.15 192.168.200.15
Enabled Allow 172.17.0.2 172.17.0.2
172.17.0.103~172.17.0.105 172.17.0.103~172.17.0.105

Protocol CMN-DO02
TCP:8961
TCP:1352
Port UDP:1352
UDP:8961
Comment Policy added on 2022-09-12T10:49:58+02:00.
Proxy Action
Send Log Messages Enabled
Properties Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Disabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Alarm-Server Port
Status Action From To
Enabled Allow Any-External Alarmserver.snat

Protocol Alarm-Server Port
Port TCP:22223
Comment Policy added on 2023-07-06T13:24:17+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SMTP-in-proxy
Status Action From To
62.245.148.8
Disabled Proxy 62.245.148.9 SMTP_in_Tcom.snat.snat
94.199.89.34

Protocol SMTP-proxy
TCP:25
Port TCP:465
Comment Policy added on 2017-07-24T14:08:23+02:00.
Proxy Action SMTP-Incoming.SuS
Send Log Messages Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SMTP-Ferarri-Fax
Status Action From To
Enabled Allow 172.17.0.111 schillseilacher0365.mail.protection.outlook.com

Protocol SMTP
Port TCP:25
Comment Policy added on 2023-11-14T09:40:53+01:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SMTP_in
Status Action From To
62.245.148.8
62.245.148.9
94.199.89.34
Enabled Allow SMTP_in_Tcom.snat.snat
94.199.92.185
94.199.92.188~94.199.92.191
94.199.92.177~94.199.92.182

Properties Protocol SMTP
Port TCP:25
Comment Policy added on 09.09.08 08:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SMTP_DMZ_zu_LAN
Status Action From To
S+S DMZ
Enabled Allow S+S LAN
SUS_DMZ

Protocol SMTP
Port TCP:25
Comment Policy added on 09.09.08 08:19.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SMTP-out-proxy
Status Action From To
172.17.0.2
Disabled Proxy Any-External
172.17.0.43

Protocol SMTP-proxy
TCP:25
Port
TLS Support [ Disabled ]
Comment Policy added on 2017-07-24T14:50:37+02:00.
Proxy Action SMTP-Outgoing.SuS
Send Log Messages Disabled
Properties Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SMTP_Out
Status Action From To
Domino-SRV
Enabled Allow Any-External
172.17.0.103

Protocol SMTP
Port TCP:25
Comment Policy added on 09.09.08 11:18.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SMTP_dmzWLAN
Status Action From To
Enabled Allow DMZ-WLAN Any-External

Protocol SMTP
Port TCP:25
Comment Policy added on 10.03.09 15:05.
Proxy Action
Send Log Messages Disabled
Properties Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

DHCP-Server
Status Action From To
IPPhone IPPhone
Enabled Allow
172.17.0.83 172.17.0.83

Protocol DHCP-Server
Port UDP:67
Comment Policy added on 2018-06-07T15:13:58+02:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

TFTP
Status Action From To
IPPhone 172.17.0.83
Enabled Allow
172.17.0.83 IPPhone

Protocol TFTP
Port UDP:69
Comment Policy added on 2018-06-07T15:16:57+02:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

WatchGuard AcssesPortal SSLVPN
Status Action From To
Disabled Allow Any-External Firebox

Protocol SSL-VPN
Port TCP:443
Comment Policy added on 2021-01-20T14:40:18+01:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Disabled
NAT
Dynamic NAT All traffic in this policy [ 80.156.231.141 ]
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Luja_PNA_Ports
Status Action From To
Enabled Allow PNA_Port_Freigabe T-Com_WAN

Protocol Luja_PNA_Ports
TCP:65263
Port TCP:4000
TCP:4321
Comment Policy added on 2022-02-24T11:41:09+01:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Properties Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Disabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTP_DMZ_LAN
Status Action From To
S+S DMZ
Enabled Allow S+S LAN
SUS_DMZ

Protocol HTTP
Port TCP:80
Comment Policy added on 15.09.08 13:50.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTP_zu_DMZ
Status Action From To
S+S DMZ
Enabled Allow Any-Trusted
SUS_DMZ

Protocol HTTP
Port TCP:80
Comment Policy added on 13.09.08 10:50.
Proxy Action
Send Log Messages Enabled
Send log message for reports Enabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTP in T Webmailer
Status Action From To
Enabled Allow Any-External HTTP_TCOM_Webmailer.snat.snat

Protocol HTTP
Port TCP:80
Comment Policy added on 2014-06-18T15:06:55+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTP_dmzWLAN_intranet
Status Action From To
Enabled Allow DMZ-WLAN 172.17.0.22

Protocol HTTP
Port TCP:80
Comment Policy added on 2014-07-15T08:54:27+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTP-proxy.GLG
Status Action From To
172.17.21.149
Enabled Proxy T-Com_WAN
172.17.21.75

Protocol HTTP-proxy
Port TCP:80
Comment Policy added on 2017-06-13T12:02:14+02:00.
Properties Proxy Action HTTP-Client_GLG
Send Log Messages Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTP-Kiosk_zu_Intranet
Status Action From To
Enabled Allow Funk-Scan-Kiosk-DMZ S+S LAN

Protocol HTTP
Port TCP:80
Comment Policy added on 2014-11-12T09:20:03+01:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTP-proxy-Wachter
Status Action From To
Enabled Proxy MuK Any-External

Protocol HTTP-proxy
Port TCP:80
Comment Policy added on 2018-03-16T11:24:15+01:00.
Proxy Action HTTP-Client.Wachter
Send Log Messages Enabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTP-proxy-KIOSKPC
Status Action From To
Enabled Proxy KIOSKPC Any-External

Protocol HTTP-proxy
Port TCP:80
Comment Policy added on 2022-06-28T09:05:08+02:00.
Proxy Action HTTP-Client.KIOSKPC
Send Log Messages Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTP-proxy
Status Action From To
S+S DMZ
DMZ-WLAN
Enabled Proxy VPN-Benutzer Any-External
vLan_99
SUS_LAN

Protocol HTTP-proxy
Port TCP:80
Comment Policy added on 22.09.08 10:08.
Proxy Action HTTP-Client.Standard.1
Send Log Messages Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTP-Deny
Status Action From To
Enabled Block SUS_LAN Any-External

Protocol HTTP
Port TCP:80
Comment Policy added on 08.10.09 08:07.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

POP3_dmzWLAN
Status Action From To
Enabled Allow DMZ-WLAN Any-External

Protocol POP3
Port TCP:110
Comment Policy added on 2013-02-13T12:03:35+01:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

IMAP_dmzWLAN
Status Action From To
Enabled Allow DMZ-WLAN Any-External

Protocol IMAP
Port TCP:143
Comment Policy added on 04.03.09 15:39.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SNMP-von DESSBLX022
Status Action From To
172.17.0.22
Enabled Allow Firebox
172.17.0.52

Protocol SNMP
Port UDP:161
Comment Policy added on 18.03.09 14:10.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Z39-50_SciFinder
Status Action From To
Enabled Allow S+S LAN Any-External

Protocol Z39-50
Port TCP:210
Comment Policy added on 09.09.08 11:16.
Properties Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

DMZ-AD-Anbindung
Status Action From To
SUS_DMZ SUS_DMZ
Enabled Allow
SUS_LAN SUS_LAN

Protocol LDAP-TCP+UDP
TCP:389
UDP:389
TCP:49769
TCP:445
TCP:49783
Port TCP:88
TCP:135
TCP:49668
TCP:49674
TCP:49669
TCP:8027
Comment Policy added on 2021-01-18T15:22:49+01:00.
Properties Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Disabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

LDAP fuer DMZ
Status Action From To
S+S DMZ
Enabled Allow S+S LAN
SUS_DMZ

Protocol LDAP
Port TCP:389
Comment Policy added on 2013-10-07T15:43:33+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Helpdesk-Port
Status Action From To
172.17.0.45 172.17.0.45
Enabled Allow
192.168.200.1 192.168.200.1

Protocol Helpdesk-Port
Port TCP:8383
Comment Policy added on 2021-01-18T15:53:27+01:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Disabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTPS-in-140-DMZ
Status Action From To
Enabled Proxy Any-External HTTP_TCOM_Webmailer.snat.snat

Protocol HTTPS-proxy
Port TCP:443
Comment Policy added on 2019-10-26T09:28:00+02:00.
Proxy Action HTTPS-Server.Domino.in.DMZ
Properties Send Log Messages Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTPS-proxy-AV.Webmailer
Status Action From To
Disabled Proxy Any-External HTTP_TCOM_Webmailer.snat.snat

Protocol HTTPS-proxy
Port TCP:443
Comment Policy added on 2015-08-05T13:06:39+02:00.
Proxy Action HTTPS-AVScanner
Send Log Messages Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTPS in T Webmailer
Status Action From To
Disabled Allow Any-External HTTP_TCOM_Webmailer.snat.snat

Protocol HTTPS
Port TCP:443
Comment Policy added on 2014-06-18T15:11:36+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTPS-in-141-DMZ
Status Action From To
Enabled Proxy Any-External nat Tcom MobIron.snat

Protocol HTTPS-proxy
Port TCP:443
Comment Policy added on 2019-11-18T09:50:13+01:00.
Proxy Action HTTPS-Server-MobileIron in DMZ
Send Log Messages Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTPS in Mobileiron
Status Action From To
Disabled Allow Any-External nat Tcom MobIron.snat

Protocol HTTPS
Port TCP:443
Comment Policy added on 2014-06-18T15:17:12+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTPS Sentry in
Status Action From To
217.8.57.160 S+S DMZ
Enabled Allow
217.91.174.143 SUS_DMZ

Protocol Port8443
Port TCP:8443
Comment Policy added on 2013-10-11T13:38:40+02:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTPS mobileiron.com
Status Action From To
69.90.213.47
S+S DMZ
Enabled Allow 72.51.53.5
SUS_DMZ
72.51.53.6

Protocol HTTPS
Port TCP:443
Comment Policy added on 2013-10-08T08:33:06+02:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTPS-proxy_GLG
Status Action From To
172.17.21.75
Enabled Proxy T-Com_WAN
172.17.21.149

Protocol HTTPS-proxy
Port TCP:443
Comment Policy added on 2017-06-13T12:09:29+02:00.
Proxy Action HTTPS-Client_GLG
Send Log Messages Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTPS-DMZ-LAN
Status Action From To
S+S LAN S+S DMZ
Enabled Allow S+S DMZ S+S LAN
SUS_DMZ SUS_DMZ

Protocol HTTPS
Port TCP:443
Comment Policy added on 2013-10-07T15:37:10+02:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTPS_dmzWLAN
Status Action From To
S+S DMZ
Enabled Allow DMZ-WLAN
SUS_DMZ

Protocol HTTPS
Port TCP:443
Comment Policy added on 2013-10-23T10:04:54+02:00.
Proxy Action
Properties
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTPS_ESRS
Status Action From To
Enabled Allow 172.17.0.201 Any-External

Protocol HTTPS
Port TCP:443
Comment Policy added on 2017-07-18T14:18:59+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTPS-proxy.Wachter
Status Action From To
Enabled Proxy MuK Any-External

Protocol HTTPS-proxy
Port TCP:443
Comment Policy added on 2018-03-16T11:29:33+01:00.
Proxy Action HTTPS-Client.Wachter
Send Log Messages Enabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTPS-proxy-KIOSKPC
Status Action From To
Enabled Proxy KIOSKPC Any-External

Protocol HTTPS-proxy
Port TCP:443
Comment Policy added on 2022-06-28T09:08:36+02:00.
Proxy Action HTTPS-Client.KIOSKPC
Send Log Messages Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTPS-proxy
Status Action From To
S+S DMZ
DMZ-WLAN
Enabled Proxy VPN-Benutzer Any-External
vLan_99
SUS_LAN

Protocol HTTPS-proxy
Port TCP:443
Comment Policy added on 22.09.08 10:09.
Proxy Action HTTPS-Client.2
Send Log Messages Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTPS_ESX_SC_Support_Assistent
Status Action From To
Enabled Allow ESX_SC_Supp_assi DELL_Supp_assi_port

Protocol HTTPS
Port TCP:443
Comment Policy added on 2020-10-30T10:03:33+01:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Disabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

CWS Repair APP Port 2403
Status Action From To
Enabled Allow DMZ-WLAN Any-External

Protocol Port 2403
Port TCP:2403
Comment Policy added on 2023-01-26T11:38:58+01:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTPS-Deny
Status Action From To
Enabled Block Any Any-External

Protocol HTTPS
Port TCP:443
Comment Policy added on 08.10.09 08:08.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SMTP-SSL_dmzWLAN
Status Action From To
Enabled Allow DMZ-WLAN Any-External

Protocol SMTP-SSL
Port TCP:465
Comment Policy added on 2013-02-13T12:19:46+01:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

IMAP-SSL_dmzWLAN
Status Action From To
Enabled Allow DMZ-WLAN Any-External

Protocol IMAP-SSL
Port TCP:993
Comment Policy added on 2013-02-13T12:08:54+01:00.
Proxy Action
Properties Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

OpenVPN Port 1194
Status Action From To
Enabled Allow DMZ-WLAN Any-External

Protocol OpenVPN Port 1194
Port TCP:1194
Comment Policy added on 2013-10-09T10:24:06+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Gast-Wlan-Port 8443
Status Action From To
Enabled Allow DMZ-WLAN Any-External

Protocol Port8443
Port TCP:8443
Comment Policy added on 2023-06-20T10:56:03+02:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Disabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Groupwise_in
Status Action From To
Disabled Allow 172.16.25.248 S+S LAN

Protocol Groupwise
Port TCP:1677
Comment Policy added on 17.09.08 09:40.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Groupwise_out
Status Action From To
172.16.25.248
Disabled Allow S+S LAN
Any-External

Protocol Groupwise
Port TCP:1677
Comment Policy added on 17.09.08 09:39.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Barcodescanner_Lizenzserver
Status Action From To
172.17.0.19
Enabled Allow Funk-Scan-Kiosk-DMZ
172.17.0.9

Protocol Barcodescanner_Lizenzserver
Port UDP:1820
Comment Policy added on 11.03.10 11:56.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HBCI_fuer_SFirm
Status Action From To
Enabled Allow S+S LAN Any-External

Protocol HBCI
Port TCP:3000
Comment Policy added on 2011-07-14T10:39:23+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SRP BlackBerry
Status Action From To
S+S DMZ 93.186.25.33
Enabled Allow
SUS_DMZ 193.109.81.33

Protocol SRP
Port TCP:3101
Comment Policy added on 2012-05-30T12:25:17+02:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

RDP
Status Action From To
S+S DMZ
Funk-Scan-Kiosk-DMZ
S+S LAN
Enabled Allow SUS_LAN
SUS_DMZ
SUS_DMZ
SuS-Labor

Protocol RDP
Port TCP:3389
Comment Policy added on 2012-05-29T09:00:05+02:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTPS zu DMZ
Status Action From To
S+S DMZ
Enabled Allow Any-Trusted
SUS_DMZ

Protocol BB-https
Port TCP:3443
Properties
Comment Policy added on 2012-06-01T13:09:56+02:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

WatchGuard Authentication
Status Action From To
Any-Trusted
Enabled Allow Firebox
Any-Optional

Protocol WG-Auth
Port TCP:4100
Comment Policy added on 12.09.08 08:46.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Disabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

WatchGuard Certificate Portal
Status Action From To
Any-Trusted
Enabled Allow Firebox
Any-Optional

Protocol WG-Cert-Portal
Port TCP:4126
Comment Policy added on 2017-01-27T14:01:16+01:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Apple APN Port 5223
Status Action From To
Enabled Allow DMZ-WLAN 17.0.0.0/255.0.0.0

Protocol Port 5223
Port TCP:5223
Comment Policy added on 2013-10-23T09:45:30+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Google C2DM Port 5228
Status Action From To
Enabled Allow DMZ-WLAN Any-External

Protocol Port 5228
Port TCP:5228
Comment Policy added on 2013-10-23T09:44:15+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

ManageEngine Port 8020
Status Action From To
S+S LAN Funk-Scan-Kiosk-DMZ
Enabled Allow
Funk-Scan-Kiosk-DMZ S+S LAN

Protocol Port 8020
Port TCP:8020
Comment Policy added on 2017-02-24T13:26:36+01:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

ManageEngine Port 8027
Status Action From To
Enabled Allow Funk-Scan-Kiosk-DMZ S+S LAN

Protocol Port 8027
Port TCP:8027
Comment Policy added on 2017-02-24T13:47:38+01:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

ManageEnginePort8031
Status Action From To
S+S LAN Funk-Scan-Kiosk-DMZ
Enabled Allow
Funk-Scan-Kiosk-DMZ S+S LAN

Protocol Port8031
Port TCP:8031
Comment Policy added on 2017-02-20T09:28:17+01:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTP 8080 in Mobileiron
Status Action From To
Disabled Allow Any-External nat Tcom MobIron.snat

Protocol HTTP 8080
Port TCP:8080
Comment Policy added on 2014-06-18T15:19:26+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

WatchGuard Web UI
Status Action From To
Any-Trusted
Enabled Allow Firebox
Any-Optional

Properties Protocol WG-Fireware-XTM-WebUI
Port TCP:8080
Comment Policy added on 2011-05-07T13:36:06+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

ManageEnginePort8443
Status Action From To
S+S LAN Funk-Scan-Kiosk-DMZ
Enabled Allow
Funk-Scan-Kiosk-DMZ S+S LAN

Protocol Port8443
Port TCP:8443
Comment Policy added on 2017-02-20T09:29:10+01:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

HTTPS Sentry
Status Action From To
S+S DMZ
Enabled Allow Any-Trusted
SUS_DMZ

Protocol Sentry HTTPS
Port TCP:8443
Comment Policy added on 2013-10-07T15:40:18+02:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Port8443
Status Action From To
Enabled Allow 172.17.22.131 Any-External

Protocol Port8443
Port TCP:8443
Comment Policy added on 09.07.10 11:19.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Port8443-ESRS
Status Action From To
Enabled Allow 172.17.0.201 Any-External

Protocol Port8443
Port TCP:8443
Comment Policy added on 2017-07-18T14:14:32+02:00.
Proxy Action
Send Log Messages Disabled
Properties Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Traveler-Sync_DMZ_zu_LAN
Status Action From To
S+S DMZ
Enabled Allow S+S LAN
SUS_DMZ

Protocol Traveler-Sync
Port TCP:8642
Comment Policy added on 09.09.08 08:11.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Traveler-Sync_dmzWLAN_zuDMZ
Status Action From To
S+S DMZ
Enabled Allow DMZ-WLAN
SUS_DMZ

Protocol Traveler-Sync
Port TCP:8642
Comment Policy added on 2013-02-13T11:12:32+01:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Traveler-Sync_WAN_zu_DMZ
Status Action From To
S+S DMZ
Enabled Allow Any-External
SUS_DMZ

Protocol Traveler-Sync
Port TCP:8642
Comment Policy added on 09.09.08 08:11.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Port 9001
Status Action From To
Enabled Allow S+S LAN Any-External

Protocol Port 9001


Port TCP:9001
Comment Policy added on 2013-07-03T13:39:54+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SMB-MobileIron-Fileserver


Status Action From To


192.168.200.21 172.17.0.30
Enabled Allow
192.168.200.20 172.17.0.63

Protocol SMB
TCP:445
UDP:445
Port UDP:137-138
TCP:139
Comment Policy added on 2013-10-11T10:10:34+02:00.
Proxy Action
Send Log Messages Disabled
Properties Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Port9443-ESRS
Status Action From To
Enabled Allow 172.17.0.201 Any-External

Protocol Port9443
Port TCP:9443
Comment Policy added on 2018-06-01T11:22:29+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Port 9997 Mobileiron


Status Action From To
Enabled Allow Any-External nat Tcom MobIron.snat

Protocol Port 9997 MobIron


Port TCP:9997
Comment Policy added on 2014-06-18T15:20:41+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Port 9997 MobIron.WLAN


Status Action From To
S+S DMZ
Enabled Allow DMZ-WLAN
SUS_DMZ

Protocol Port 9997 MobIron


Port TCP:9997
Comment Policy added on 2013-12-11T15:20:09+01:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

NagiosClient
Status Action From To
S+S DMZ
Enabled Allow 172.17.0.22
SUS_DMZ

Protocol NagiosClient
Port TCP:12489
Properties
Comment Policy added on 2012-06-04T08:15:54+02:00.
Proxy Action


Send Log Messages Enabled


Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Port 51543
Status Action From To
Enabled Allow S+S LAN 141.47.248.3

Protocol Port 51543


Port TCP:51543
Comment Policy added on 2013-03-13T16:21:21+01:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Ping
Status Action From To
Enabled Allow Any-Trusted Any

Protocol Ping
ICMP
Port IPv6-ICMP
Comment Policy added on 08.09.08 15:07.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Properties Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

DNS
Status Action From To
Firebox
S+S DMZ 172.17.0.10
Enabled Allow Any-Trusted 172.17.0.30
SUS_DMZ 172.17.0.50
172.17.0.60

Protocol DNS
TCP:53
Port UDP:53
Comment Policy added on 13.09.08 10:53.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Properties Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

DNS.1
Status Action From To
Enabled Allow Any-Trusted Any-External

Protocol DNS
TCP:53
Port UDP:53
Comment Policy added on 13.09.08 13:36.
Proxy Action
Properties Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On


Forward Action None


Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

NTP_DMZ
Status Action From To
S+S DMZ
Enabled Allow Funk-Scan-Kiosk-DMZ S+S LAN
SUS_DMZ

Protocol NTP
TCP:123
Port UDP:123
Comment Policy added on 09.09.08 11:23.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Properties Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

NTP
Status Action From To
Enabled Allow Any-Trusted Firebox

Protocol NTP
TCP:123
Port UDP:123
Comment Policy added on 13.09.08 11:01.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Properties Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

NTP_Extern
Status Action From To
Enabled Allow 172.17.0.50 Any-External

Protocol NTP
TCP:123
Port UDP:123
Comment Policy added on 15.09.08 14:40.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Properties Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Lotus-Notes_Retarus-Replik
Status Action From To
172.17.0.2 82.135.18.168
Enabled Allow
172.17.0.43 82.135.18.169

Protocol Lotus-Notes
TCP:1352
Port UDP:1352
Comment Policy added on 09.09.08 11:31.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Properties Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled


Sticky Connection Override Multi-WAN sticky connection setting Enabled

Lotus-Notes_DMZ_zu_LAN
Status Action From To
172.17.22.1
S+S DMZ
Enabled Allow 172.17.21.131
SUS_DMZ
Domino-SRV

Protocol Lotus-Notes
TCP:1352
Port UDP:1352
Comment Policy added on 15.09.08 13:31.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Properties Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Lotus-Notes_LAN_zu_DMZ
Status Action From To
S+S DMZ
Enabled Allow Any-Trusted
SUS_DMZ

Protocol Lotus-Notes
TCP:1352
Port UDP:1352
Comment Policy added on 09.09.08 08:09.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Properties Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Lotus-Notes_WAN-zu_DMZ
Status Action From To
S+S DMZ
Enabled Allow Any-External
SUS_DMZ

Protocol Lotus-Notes
TCP:1352
Port UDP:1352
Comment Policy added on 09.09.08 08:09.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Properties Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Aplle MDM
Status Action From To
S+S DMZ
Enabled Allow 17.0.0.0/255.0.0.0
SUS_DMZ

Protocol Aplle MDM


Port TCP:2195-2196
Comment Policy added on 2013-10-08T08:39:17+02:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Elster
Status Action From To
Enabled Allow S+S LAN Any-External

Properties Protocol Elster


TCP:8000
Port UDP:8000
Comment Policy added on 09.09.08 11:14.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

IPSec
Status Action From To
S+S LAN
Enabled Allow T-Com_WAN
DMZ-WLAN

Protocol IPSec
UDP:4500
ESP:Any
Port AH:Any
UDP:500
Comment Policy added on 2014-10-23T07:55:01+02:00.
Proxy Action
Send Log Messages Disabled
Properties Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

WatchGuard
Status Action From To
Enabled Allow zugriff-Firewall Firebox

Protocol WG-Firebox-Mgmt
TCP:4103
TCP:4105
Port TCP:4117
TCP:4118
Comment Policy added on 08.09.08 15:07.
Proxy Action
Send Log Messages Disabled
Properties Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Barracuda VPN
Status Action From To
Enabled Allow DMZ-WLAN T-Com_WAN

Protocol Barracuda VPN


TCP:692
Port UDP:691
TCP:801-820
Comment Policy added on 2017-08-04T09:36:27+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Properties Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

AlcatelTelefon
Status Action From To
IPPhone S+S LAN
Enabled Allow
S+S LAN IPPhone

Protocol AlcatelTelefon
UDP:32000-32640
TCP:7
Properties TCP:67-69
Port TCP:80
TCP:443
TCP:10010
TCP:49712


TCP:19533-19535
UDP:32514-32770
TCP:124
TCP:5060
UDP:5060
UDP:10946-10947
UDP:15530-15531
UDP:10266-10267
UDP:10208-10209
UDP:32768-65000
UDP:16384-32767
Comment Policy added on 2018-06-07T15:12:22+02:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SNMP-Trap
Status Action From To
vLan_99 vLan_99
S+S LAN S+S LAN
Enabled Allow
S+S DMZ S+S DMZ
SUS_DMZ SUS_DMZ

Protocol SNMP-Trap
Port UDP:162
Comment Policy added on 2021-01-13T19:17:30+01:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Disabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

DATA_Domain_REP_Port
Status Action From To
Enabled Allow Any-Trusted 172.17.1.200

Protocol DATA_Domain_REP_Port
TCP:2051
Port TCP:3009
UDP:2051
Comment Policy added on 2023-02-22T13:34:31+01:00.
Proxy Action
Send Log Messages Enabled
Send log message for reports Disabled
Properties Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Disabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

DellPerfomance
Status Action From To
S+S LAN S+S LAN
Disabled Allow
S+S DMZ S+S DMZ

Protocol DellPerfomance
TCP:49152-65535
Port TCP:135
Comment Policy added on 2019-04-05T10:30:39+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Properties Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SkypeBuisiness
Status Action From To
Enabled Allow S+S LAN T-Com_WAN

Properties Protocol SkypeBuisiness


UDP:3478-3481
Port UDP:50000-60000
TCP:50000-60000
Comment Policy added on 2019-05-29T15:14:39+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

TEN-IT_VPN_DATA_DOMAIN.in
Status Action From To
Enabled Proxy tunnel.1 172.17.1.0/255.255.255.0

Protocol HTTPS-proxy
Port TCP:443
Comment Created by BOVPN Policy Wizard
Proxy Action HTTPS-Client.Standard
Send Log Messages Enabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Dakoso_Vpn.in
Status Action From To
Enabled Allow Dacoso_Darktrace_VPN Any

Protocol Any
Port Any
Comment Created by BOVPN Policy Wizard
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

Lobster_VPN.in
Status Action From To
Enabled Allow Lobster-DATA-Live238_Stage159 Any

Protocol Any
Port Any
Comment Created by BOVPN Policy Wizard
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

SAP_VPN_Nagarro_.in
Status Action From To
Enabled Allow Nagarro DEFRA Any

Protocol Any
Port Any
Comment Created by BOVPN Policy Wizard
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Properties Send SNMP trap Disabled
Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None


Connection Rate (per second) 0


ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

BOVPN-Allow.in
Status Action From To
Nagarro DEFRA
Enabled Allow tunnel.1 Any
Lobster-DATA-Live238_Stage159

Protocol Any
Port Any
Comment Policy added on 2022-04-04T13:56:54+02:00.
Proxy Action
Send Log Messages Disabled
Send log message for reports Disabled
Send SNMP trap Disabled
Properties Send notification Disabled
Auto-block Disabled
Specify custom idle timeout None
Schedule Always On
Forward Action None
Reverse Action None
Connection Rate (per second) 0
ICMP ICMP Error Handling Disabled
1-to-1 NAT Enabled
NAT
Dynamic NAT Use Network NAT Settings
QoS Override per-interface settings Disabled
Sticky Connection Override Multi-WAN sticky connection setting Enabled

2-3 Mobile VPN Policies

Mobile VPN Policies


Order | Action | Policy Name | Type | MUVPN Group | Port | App Control | Tag
1 | ✓ | VPN-iPhoneDNS | DNS | VPN-iPhone | TCP:53, UDP:53 | | pruefen
2 | ✓ | Tunnel-MFA-AlcatelTelefon | AlcatelTelefon | VPN-Benutzer-MFA | Any, TCP:7, Any, TCP:80, TCP:443, TCP:10010, TCP:49712, Any, Any, TCP:124, TCP:5060, UDP:5060, Any, Any, Any, Any, Any, Any | Global |
3 | ✓ | Tunnel-AlcatelTelefon.1 | AlcatelTelefon | VPN-Benutzer | Any, TCP:7, Any, TCP:80, TCP:443, TCP:10010, TCP:49712, Any, Any, TCP:124, TCP:5060, UDP:5060, Any, Any, Any, Any, Any, Any | |
4 | ✓ | VPN-DiehlES-Any | Any | VPN-DiehlES | Any | | pruefen
5 | ✓ | VPN-DiehlK-Any | Any | VPN-DiehlK | Any | | pruefen
6 | ✓ | VPN-Extern-MFA-Any | Any | VPN-Extern-MFA | Any | |
7 | ✓ | Bechtle-IPSEC-Any | Any | Bechtle-IPSEC | Any | | pruefen
8 | ✓ | BEOS-IPSEC-Any | Any | BEOS-IPSEC | Any | Global | pruefen
9 | ✓ | VPN-iPhone-Any | Any | VPN-iPhone | Any | | pruefen
10 | ✓ | VPN-Benutzer-Any | Any | VPN-Benutzer | Any | |
11 | ✓ | Olschewski-Any | Any | Olschewski | Any | | pruefen
12 | ✓ | Service-Partner-Any | Any | Service-Partner | Any | | pruefen
13 | ✓ | VPN-Bilgram-Any | Any | VPN-Bilgram | Any | | pruefen
14 | ✓ | Tunnel-RDP | RDP | VPN-Benutzer | TCP:3389 | | pruefen
15 | ✓ | Tunnel-DNS | DNS | VPN-Benutzer | TCP:53, UDP:53 | Global |
16 | ✗ | Tunnel-DHCP-Server | DHCP-Server | VPN-Benutzer | UDP:67 | Global |
17 | ✓ | Tunnel-AlcatelTelefon | AlcatelTelefon | VPN-Benutzer | Any, TCP:7, Any, TCP:80, TCP:443, TCP:10010, TCP:49712, Any, Any, TCP:124, TCP:5060, UDP:5060, Any, Any, Any, Any, Any, Any | Global |
18 | ✓ | Tunnel-Https-SW-Netz | Https-SW-Netz | VPN-Benutzer | TCP:80, TCP:443 | Global |
19 | ✗ | Tunnel-Addison-Ports | Addison-Ports | VPN-Benutzer | TCP:6001, UDP:6001, TCP:8080, UDP:8080, TCP:8090, UDP:8090, TCP:8100, UDP:8100, TCP:8110, UDP:8110 | Global |
20 | ✓ | Tunnel-SSH | SSH | VPN-Benutzer | TCP:22 | Global |
21 | ✓ | Tunnel-Tunnel Domino01 Port | Tunnel Domino01 Port | VPN-Benutzer | TCP:1352 | Global |
22 | ✓ | Tunnel-OPAL_Lizens_Port.1 | OPAL_Lizens_Port | VPN-Benutzer | TCP:5160 | Global |
23 | ✓ | VPN-Benutzer-MFA-Any | Any | VPN-Benutzer-MFA | Any | Global |
24 | ✓ | Tunnel-MFA-RDP.1 | RDP | VPN-Benutzer-MFA | TCP:3389 | Global |
25 | ✓ | Tunnel-MFA-DNS | DNS | VPN-Benutzer-MFA | TCP:53, UDP:53 | Global |
26 | ✓ | Tunnel-MFA-DHCP-Server | DHCP-Server | VPN-Benutzer-MFA | UDP:67 | Global |
27 | ✓ | Tunnel-MFA-Addison-Ports | Addison-Ports | VPN-Benutzer-MFA | TCP:6001, UDP:6001, TCP:8080, UDP:8080, TCP:8090, UDP:8090, TCP:8100, UDP:8100, TCP:8110, UDP:8110 | Global |
28 | ✓ | Tunnel-MFA-SSH | SSH | VPN-Benutzer-MFA | TCP:22 | Global |
29 | ✓ | Tunnel-OPAL_Lizens_Port | OPAL_Lizens_Port | VPN-Benutzer-MFA | TCP:5160 | Global |

VPN-iPhoneDNS - Enabled (Group: VPN-iPhone)


Connections are Allowed
Policy Type DNS
Protocol:Port TCP:53, UDP:53
Allowed Resources 0.0.0.0/0
Enable Intrusion Prevention Enabled
Settings Enable bandwidth and time quotas Disabled
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Disabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled


Tags pruefen
Application Control Application Control Action None
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2014-06-23T16:04:39+02:00.
Advanced
Use policy-based ICMP error handling Disabled

Tunnel-MFA-AlcatelTelefon - Enabled (Group: VPN-Benutzer-MFA)


Connections are Allowed
Policy Type AlcatelTelefon
Protocol:Port Any, TCP:7, Any, TCP:80, TCP:443, TCP:10010, TCP:49712, Any, Any, TCP:124, TCP:5060, UDP:5060, Any, Any, Any, Any, Any, Any
Any-External
Allowed Resources 0.0.0.0/0
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Enabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags None
Application Control Application Control Action Global
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2023-03-23T11:27:49+01:00.
Advanced
Use policy-based ICMP error handling Disabled

Tunnel-AlcatelTelefon.1 - Enabled (Group: VPN-Benutzer)


Connections are Allowed
Policy Type AlcatelTelefon
Protocol:Port Any, TCP:7, Any, TCP:80, TCP:443, TCP:10010, TCP:49712, Any, Any, TCP:124, TCP:5060, UDP:5060, Any, Any, Any, Any, Any, Any
Any-External
Allowed Resources 0.0.0.0/0
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Disabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags None
Application Control Application Control Action None
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2021-02-26T11:49:21+01:00.
Advanced
Use policy-based ICMP error handling Disabled

VPN-DiehlES-Any - Enabled (Group: VPN-DiehlES)


Connections are Allowed
Policy Type Any
Protocol:Port Any
Allowed Resources 172.17.0.0/16
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Disabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags pruefen
Application Control Application Control Action None
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2014-06-20T10:21:38+02:00.
Advanced
Use policy-based ICMP error handling Disabled

VPN-DiehlK-Any - Enabled (Group: VPN-DiehlK)


Connections are Allowed
Policy Type Any
Protocol:Port Any
Allowed Resources 172.17.0.0/16
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Disabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags pruefen
Application Control Application Control Action None
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2014-06-20T10:21:38+02:00.
Advanced
Use policy-based ICMP error handling Disabled

VPN-Extern-MFA-Any - Enabled (Group: VPN-Extern-MFA)


Connections are Allowed
Policy Type Any
Protocol:Port Any
Allowed Resources 172.17.0.0/16
Enable Intrusion Prevention Enabled
Settings
Enable bandwidth and time quotas Disabled
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Disabled
Send a log message for reports Disabled


Send SNMP trap Disabled


Send notification Disabled
Tags None
Application Control Application Control Action None
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2023-06-27T11:23:46+02:00.
Advanced
Use policy-based ICMP error handling Disabled

Bechtle-IPSEC-Any - Enabled (Group: Bechtle-IPSEC)


Connections are Allowed
Policy Type Any
Protocol:Port Any
Any-External
Allowed Resources 0.0.0.0/0
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Disabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags pruefen
Application Control Application Control Action None
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2011-09-08T11:29:05+02:00.
Advanced
Use policy-based ICMP error handling Disabled

BEOS-IPSEC-Any - Enabled (Group: BEOS-IPSEC)


Connections are Allowed
Policy Type Any
Protocol:Port Any
Any-External
Allowed Resources 172.17.0.0/16
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Enabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags pruefen
Application Control Application Control Action Global
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2015-04-07T10:27:06+02:00.
Advanced
Use policy-based ICMP error handling Disabled

VPN-iPhone-Any - Enabled (Group: VPN-iPhone)


Connections are Allowed
Policy Type Any
Protocol:Port Any
Any-External
Allowed Resources 0.0.0.0/0
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Disabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags pruefen
Application Control Application Control Action None
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2014-06-23T15:53:41+02:00.
Advanced
Use policy-based ICMP error handling Disabled

VPN-Benutzer-Any - Enabled (Group: VPN-Benutzer)


Connections are Allowed
Policy Type Any
Protocol:Port Any
Any-External
172.17.0.0/16
172.16.0.0/16
Allowed Resources 172.18.0.0/16
192.168.200.0/24
10.169.58.0/24
109.234.190.64/26
Settings Enable Intrusion Prevention Disabled
Enable bandwidth and time quotas Disabled
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Disabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags None
Application Control Application Control Action None
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 14.10.08 14:30.
Advanced
Use policy-based ICMP error handling Disabled

Olschewski-Any - Enabled (Group: Olschewski)


Connections are Allowed
Settings Policy Type Any
Protocol:Port Any
Any-External
Allowed Resources 0.0.0.0/0
Enable Intrusion Prevention Disabled
Enable bandwidth and time quotas Disabled
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Disabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags pruefen
Application Control Application Control Action None
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2017-01-24T14:08:03+01:00.
Advanced
Use policy-based ICMP error handling Disabled

Service-Partner-Any - Enabled (Group: Service-Partner)


Connections are Allowed
Policy Type Any
Protocol:Port Any
Any-External
Allowed Resources 0.0.0.0/0
Enable Intrusion Prevention Disabled
Enable bandwidth and time quotas Disabled
Settings
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Disabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags pruefen
Application Control Application Control Action None
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2020-07-20T13:46:40+02:00.
Advanced
Use policy-based ICMP error handling Disabled

VPN-Bilgram-Any - Enabled (Group: VPN-Bilgram)


Connections are Allowed
Policy Type Any
Protocol:Port Any
Any-External
Allowed Resources 0.0.0.0/0
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Disabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags pruefen
Application Control Application Control Action None
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2017-05-22T08:42:27+02:00.
Advanced
Use policy-based ICMP error handling Disabled

Tunnel-RDP - Enabled (Group: VPN-Benutzer)


Connections are Allowed
Policy Type RDP
Protocol:Port TCP:3389
Any-External
172.17.0.0/16
Allowed Resources 172.16.0.0/16
172.18.0.0/16
192.168.200.0/24
Enable Intrusion Prevention Enabled
Settings
Enable bandwidth and time quotas Disabled
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Disabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags pruefen
Application Control Application Control Action None
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2020-06-05T12:09:16+02:00.
Advanced
Use policy-based ICMP error handling Disabled

Tunnel-DNS - Enabled (Group: VPN-Benutzer)


Connections are Allowed
Policy Type DNS
Protocol:Port TCP:53, UDP:53
172.17.0.0/16
Allowed Resources 172.31.254.0/24
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Enabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags None
Application Control Application Control Action Global
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Advanced Comment Policy added on 2021-01-25T14:43:37+01:00.
Use policy-based ICMP error handling Disabled

Tunnel-DHCP-Server - Disabled (Group: VPN-Benutzer)


Connections are Allowed
Policy Type DHCP-Server
Protocol:Port UDP:67
Allowed Resources 172.17.0.50
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Enabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags None
Application Control Application Control Action Global
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2021-04-22T14:28:54+02:00.
Advanced
Use policy-based ICMP error handling Disabled

Tunnel-AlcatelTelefon - Enabled (Group: VPN-Benutzer)


Connections are Allowed
Policy Type AlcatelTelefon
Protocol:Port Any, TCP:7, Any, TCP:80, TCP:443, TCP:10010, TCP:49712, Any, Any, TCP:124, TCP:5060, UDP:5060, Any, Any, Any, Any, Any, Any
Allowed Resources 172.29.0.0/16
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Enabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags None
Application Control Application Control Action Global
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2021-01-19T17:03:26+01:00.
Advanced
Use policy-based ICMP error handling Disabled

Tunnel-Https-SW-Netz - Enabled (Group: VPN-Benutzer)


Connections are Allowed
Policy Type Https-SW-Netz
Protocol:Port TCP:80, TCP:443
Allowed Resources 172.31.254.0/24
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Enabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags None
Application Control Application Control Action Global
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2021-02-01T11:49:55+01:00.
Advanced
Use policy-based ICMP error handling Disabled

Tunnel-Addison-Ports - Disabled (Group: VPN-Benutzer)


Connections are Allowed
Policy Type Addison-Ports
Protocol:Port TCP:6001, UDP:6001, TCP:8080, UDP:8080, TCP:8090, UDP:8090, TCP:8100, UDP:8100, TCP:8110, UDP:8110
Any-External
Allowed Resources 0.0.0.0/0
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Enabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags None
Application Control Application Control Action Global
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2021-05-04T15:30:01+02:00.
Advanced
Use policy-based ICMP error handling Disabled

Tunnel-SSH - Enabled (Group: VPN-Benutzer)


Connections are Allowed
Policy Type SSH
Protocol:Port TCP:22
Allowed Resources 172.31.254.0/24
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Enabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags None
Application Control Application Control Action Global
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2021-01-25T14:40:41+01:00.
Advanced
Use policy-based ICMP error handling Disabled

Tunnel-Tunnel Domino01 Port - Enabled (Group: VPN-Benutzer)


Connections are Allowed
Policy Type Tunnel Domino01 Port
Protocol:Port TCP:1352
Allowed Resources 172.17.0.2
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Enabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags None
Application Control Application Control Action Global
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2021-02-01T12:28:42+01:00.
Advanced
Use policy-based ICMP error handling Disabled

Tunnel-OPAL_Lizens_Port.1 - Enabled (Group: VPN-Benutzer)


Connections are Allowed
Policy Type OPAL_Lizens_Port
Protocol:Port TCP:5160
Any-External
Allowed Resources 0.0.0.0/0
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Enabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags None
Application Control Application Control Action Global
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2023-07-14T09:43:47+02:00.
Advanced
Use policy-based ICMP error handling Disabled

VPN-Benutzer-MFA-Any - Enabled (Group: VPN-Benutzer-MFA)


Connections are Allowed
Policy Type Any
Protocol:Port Any
Any-External
Allowed Resources 0.0.0.0/0
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Enabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags None
Application Control Application Control Action Global
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2022-11-11T11:23:03+01:00.
Advanced
Use policy-based ICMP error handling Disabled

Tunnel-MFA-RDP.1 - Enabled (Group: VPN-Benutzer-MFA)


Connections are Allowed
Policy Type RDP
Protocol:Port TCP:3389
Any-External
Allowed Resources 0.0.0.0/0
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Enabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags None
Application Control Application Control Action Global
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2023-03-23T11:28:36+01:00.
Advanced
Use policy-based ICMP error handling Disabled

Tunnel-MFA-DNS - Enabled (Group: VPN-Benutzer-MFA)


Connections are Allowed
Policy Type DNS
Protocol:Port TCP:53, UDP:53
Any-External
Allowed Resources 0.0.0.0/0
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Enabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags None
Application Control Application Control Action Global
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2023-03-23T11:28:56+01:00.
Advanced
Use policy-based ICMP error handling Disabled

Tunnel-MFA-DHCP-Server - Enabled (Group: VPN-Benutzer-MFA)


Connections are Allowed
Policy Type DHCP-Server
Protocol:Port UDP:67
Any-External
Allowed Resources 0.0.0.0/0
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Enabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags None
Application Control Application Control Action Global
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2023-03-23T11:29:19+01:00.
Advanced
Use policy-based ICMP error handling Disabled

Tunnel-MFA-Addison-Ports - Enabled (Group: VPN-Benutzer-MFA)


Connections are Allowed
Policy Type Addison-Ports
Protocol:Port TCP:6001, UDP:6001, TCP:8080, UDP:8080, TCP:8090, UDP:8090, TCP:8100, UDP:8100, TCP:8110, UDP:8110
Any-External
Allowed Resources 0.0.0.0/0
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Enabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags None
Application Control Application Control Action Global
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2023-03-23T11:29:49+01:00.
Advanced
Use policy-based ICMP error handling Disabled

Tunnel-MFA-SSH - Enabled (Group: VPN-Benutzer-MFA)


Connections are Allowed
Policy Type SSH
Protocol:Port TCP:22
Any-External
Allowed Resources 0.0.0.0/0
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Enabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags None
Application Control Application Control Action Global
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2023-03-23T11:30:54+01:00.
Advanced
Use policy-based ICMP error handling Disabled

Tunnel-OPAL_Lizens_Port - Enabled (Group: VPN-Benutzer-MFA)


Connections are Allowed
Policy Type OPAL_Lizens_Port
Protocol:Port TCP:5160
Any-External
Allowed Resources 0.0.0.0/0
Enable Intrusion Prevention Enabled
Enable bandwidth and time quotas Disabled
Settings
Auto-block sites that attempt to connect Disabled
Specify custom idle timeout Disabled
Send a log message Enabled
Send a log message for reports Disabled
Send SNMP trap Disabled
Send notification Disabled
Tags None
Application Control Application Control Action Global
Forward Action (From > To) None
Traffic Management
Reverse Action (To > From) None
Scheduling Schedule Action Always On
Comment Policy added on 2023-07-14T09:43:03+02:00.
Advanced
Use policy-based ICMP error handling Disabled

2-4 Aliases

Alias
Alias Name Interface User Address Tunnel Description
Firebox Firebox Any 0.0.0.0 All local traffic associated with the Firebox
Any-External Any-External Any 0.0.0.0 All traffic associated with external interfaces
Any-Trusted Any-Trusted Any 0.0.0.0 All traffic associated with trusted interfaces
Any-Optional Any-Optional Any 0.0.0.0 All traffic associated with optional interfaces
Any-BOVPN Any-BOVPN Any 0.0.0.0 X All traffic associated with BOVPN
Any-Multicast Any-Multicast Any 0.0.0.0 All traffic associated with multicast protocols
S+S LAN S+S LAN Any 0.0.0.0 Built-in alias
S+S DMZ S+S DMZ Any 0.0.0.0 Built-in alias
DMZ-WLAN DMZ-WLAN Any 0.0.0.0 Built-in alias
IPPhone IPPhone Any 0.0.0.0 Built-in alias
T-Com_WAN T-Com_WAN Any 0.0.0.0 Built-in alias
SuS_Labor SuS_Labor Any 0.0.0.0 Built-in alias
Funk-Scan-Kiosk-DMZ Funk-Scan-Kiosk-DMZ Any 0.0.0.0 Built-in alias
Guest Guest Any 0.0.0.0 Built-in alias
Management Management Any 0.0.0.0 Built-in alias
Any Any 172.17.22.131
Any Any 172.17.22.61
Admin-PC Any Any 172.17.22.155
Any Any 172.17.22.156
Any Any AS400W10.bb.schillseilacher.de
Any Any 172.17.22.155
Any Any 172.17.22.61
Admin-PC-Alle Any Any 172.17.22.131
Any Any 172.17.22.156
Any Any 172.17.22.90
Any Any lt1083.bb.schillseilacher.de
BCD Travel User Any Any pc090.bb.schillseilacher.de
Any Any tiso.bb.schillseilacher.de
Any Any 172.17.1.150 SAN_IVO und SAN_VW2
Compellent
Any Any 172.17.1.155 SAN_IVO und SAN_VW2
Any Any 76.164.8.136
Any Any 143.166.135.120
Any Any 143.166.147.96
Any Any 143.166.135.19
DELL_Supp_assi_port
Any Any 143.166.147.73
Any Any 76.164.8.174
Any Any 76.164.8.173
Any Any 76.164.8.175
DarkTrace_Netz Any Any 10.0.91.16
Any Any 172.17.0.2
Any Any 172.17.0.43
Domino-SRV
Any Any 172.17.0.35
Any Any 172.17.0.55
Any Any 172.17.1.1 - 172.17.1.254
ESX_SC_Supp_assi
Any Any 172.17.0.59
Any Any 40.92.0.0
Any Any 40.107.0.0
Any Any 52.100.0.0
Any Any 52.238.78.88
Any Any 104.47.0.0
Any Any 13.107.6.152
Any Any 13.107.18.10
Any Any 13.107.128.0
ExchangeOnline-IP-Bereich
Any Any 23.103.160.0
Any Any 40.96.0.0
Any Any 40.104.0.0
Any Any 52.96.0.0
Any Any 131.253.33.215
Any Any 132.254.0.0
Any Any 150.171.32.0
Any Any 204.79.197.215
Interne Server Any Any 172.17.0.0 Interne Dienste Server
KIOSKPC Any Any 172.17.24.1 - 172.17.24.20
Any Any LT1056.bb.schillseilacher.de
Any Any LT1039.bb.schillseilacher.de
MuK Any Any PC1133.bb.schillseilacher.de
Any Any pc1150.bb.schillseilacher.de
Any Any lt1049.bb.schillseilacher.de
Any Any LT1026.bb.schillseilacher.de
PNA_Port_Freigabe
Any Any 172.31.252.0
SUS_DMZ Any Any 192.168.200.0 IP-Kreis SUS-DMZ-BB
Any Any 172.17.0.0 IP-kreis SUS-LAN-BB
SUS_LAN
DarkTrace_Netz (Alias) Alias DarkTrace_Netz (Alias) IP-kreis SUS-LAN-BB
Any Any 172.16.0.0 SUS Server Boeblingen Hamburg Pirna
SuS Server Any Any 172.17.0.0 SUS Server Boeblingen Hamburg Pirna
Any Any 172.18.0.0 SUS Server Boeblingen Hamburg Pirna
Any Any 192.17.1.0 Labor Netzwerk
SuS-Labor
SuS_Labor (Alias) Alias SuS_Labor (Alias) Labor Netzwerk
externer Server Any Any 11.111.111.111 Dienste fuer externe Benutzer
Any Any 172.31.254.1 - 172.31.254.254 Switch netz
vLan_99
Any Any 10.0.91.16 Switch netz
Any Any 172.17.22.155
Any Any 172.17.22.61
Any Any 172.17.22.131
zugriff-Firewall Any Any 172.17.0.9
Any Any 172.17.0.77
Any Any 172.17.23.155
Any Any 172.17.0.96

2-5 Proxy Action

DNS-Incoming
Proxy Name [ Proxy Type ] DNS-Incoming [ DNS ]
Logging For Reports Disabled
Diagnostics Override Level Disabled

Protocol Anomaly Detection Rules


Rule Action Alarm Log
Not of Class Internet Deny Disabled Enabled
Badly Formatted Query Deny Disabled Enabled

DNS-Outgoing
Proxy Name [ Proxy Type ] DNS-Outgoing [ DNS ]
Logging For Reports Disabled
Diagnostics Override Level Disabled

Protocol Anomaly Detection Rules


Rule Action Alarm Log
Not of Class Internet Deny Disabled Enabled
Badly Formatted Query Deny Disabled Enabled

Explicit-Web.Standard
Proxy Name [ Proxy Type ] Explicit-Web.Standard [ HTTP ]
AntiVirus [ Disabled ]
Data Loss Prevention [ Disabled ]
Features Reputation Enabled Defense [ Enabled ]
WebBlocker [ Disabled ]
APT Blocker [ Disabled ]
Request Connection Idle Timeout 10 minutes
Response Connection Idle Timeout 10 minutes
Request Maximum URL Path Length 4096 bytes
Response Maximum Line Length 4096 bytes
Response Maximum Total Length Disabled
Allow Range Request Through Unmodified Enabled [ Logged ]
Enforce Safe Search Disabled
YouTube For Schools Disabled
Logging For Reports Enabled
Diagnostics Override Level Disabled

Content Type [ HTTP Response ]


Status Action Name Match Type Value Certificate Alarm Log
Enabled Allow HTTP-tunnelled RTSP stream types String application/x-rtsp-tunnelled N/A Disabled Disabled
Enabled Allow All XML application types Pattern application/*xml* N/A Disabled Disabled
Enabled Allow All application types Pattern application/* N/A Disabled Disabled
Enabled Allow All audio types Pattern audio/* N/A Disabled Disabled
Enabled Allow All font types Pattern font/* N/A Disabled Disabled
Enabled Allow All image types Pattern image/* N/A Disabled Disabled
Enabled Allow All encapsulated message types Pattern message/* N/A Disabled Disabled
Enabled Allow All model types Pattern model/* N/A Disabled Disabled
Enabled Allow All multipart types Pattern multipart/* N/A Disabled Disabled
Enabled Allow All text types Pattern text/* N/A Disabled Disabled
Enabled Allow All video types Pattern video/* N/A Disabled Disabled
Disabled Allow Missing or empty String N/A Disabled Disabled
Action to take if no rule above is matched Allow
Certificate N/A
Alarm Enabled
Log Disabled

FTP-Client.Standard
Proxy Name [ Proxy Type ] FTP-Client.Standard [ FTP ]
AntiVirus [ Disabled ]
Features Data Loss Prevention [ Disabled ]
APT Blocker [ Disabled ]
Maximum Username Length 64 bytes
Maximum Password Length 32 bytes
Maximum File Name Length 1024 bytes
Maximum Command Line Length 1030 bytes
Maximum Number of Failed Logins Per Connection 6 bytes
Logging For Reports Enabled
Diagnostics Override Level Disabled

Download
Status Action Name Match Type Value Certificate Alarm Log
Enabled Allow *.cab Pattern *.cab N/A Disabled Enabled
Enabled Allow *.com Pattern *.com N/A Disabled Enabled
Enabled Allow *.dll Pattern *.dll N/A Disabled Enabled
Enabled Allow *.exe Pattern *.exe N/A Disabled Enabled
Enabled Allow *.zip Pattern *.zip N/A Disabled Enabled
Action to take if no rule above is matched Allow
Certificate N/A
Alarm Disabled
Log Disabled

FTP-Client
Proxy Name [ Proxy Type ] FTP-Client [ FTP ]
AntiVirus [ Disabled ]
Features Data Loss Prevention [ Disabled ]
APT Blocker [ Disabled ]
Maximum Username Length 64 bytes
Maximum Password Length 32 bytes
Maximum File Name Length 1024 bytes
Maximum Command Line Length 1030 bytes
Maximum Number of Failed Logins Per Connection 6 bytes
Logging For Reports Disabled
Diagnostics Override Level Disabled

Download
Status Action Name Match Type Value Certificate Alarm Log
Enabled Deny *.cab Pattern *.cab N/A Disabled Enabled
Enabled Deny *.com Pattern *.com N/A Disabled Enabled
Enabled Deny *.dll Pattern *.dll N/A Disabled Enabled
Enabled Deny *.exe Pattern *.exe N/A Disabled Enabled
Enabled Deny *.zip Pattern *.zip N/A Disabled Enabled
Action to take if no rule above is matched Allow
Certificate N/A
Alarm Disabled
Log Disabled

FTP-Server.Standard
Proxy Name [ Proxy Type ] FTP-Server.Standard [ FTP ]
AntiVirus [ Disabled ]
Features Data Loss Prevention [ Disabled ]
APT Blocker [ Disabled ]
Maximum Username Length 64 bytes
Maximum Password Length 32 bytes
Maximum File Name Length 1024 bytes
Maximum Command Line Length 1030 bytes
Maximum Number of Failed Logins Per Connection 6 bytes
Logging For Reports Enabled
Diagnostics Override Level Disabled

FTP-Server
Proxy Name [ Proxy Type ] FTP-Server [ FTP ]
AntiVirus [ Disabled ]
Features Data Loss Prevention [ Disabled ]
APT Blocker [ Disabled ]
Maximum Username Length 64 bytes
Maximum Password Length 32 bytes
Maximum File Name Length 1024 bytes
Maximum Command Line Length 1030 bytes
Maximum Number of Failed Logins Per Connection 6 bytes
Logging For Reports Disabled
Diagnostics Override Level Disabled

H.323-Client
Proxy Name [ Proxy Type ] H.323-Client [ H.323 ]
Directory Harvesting Protection Enabled
Maximum Number of Sessions Allowed Per Call Enabled
Rewrite User Agent Disabled
Idle Media Channels 15 minutes
Access Control Disabled
Logging For Reports Enabled
Diagnostics Override Level Disabled

HTTP-Client.1
Proxy Name [ Proxy Type ] HTTP-Client.1 [ HTTP ]
AntiVirus [ Enabled ]
Data Loss Prevention [ Disabled ]
Features Reputation Enabled Defense [ Disabled ]
WebBlocker [ Enabled - WebBlocker.5 ]
APT Blocker [ Enabled ]
Request Connection Idle Timeout 10 minutes
Response Connection Idle Timeout 10 minutes
Request Maximum URL Path Length Disabled
Response Maximum Line Length 4096 bytes
Response Maximum Total Length Disabled
Allow Range Request Through Unmodified Enabled [ Logged ]
Enforce Safe Search Disabled
YouTube For Schools Disabled
Logging For Reports Disabled
Diagnostics Override Level Disabled

URL Paths [ HTTP Request ]


Status Action Name Match Type Value Certificate Alarm Log
Enabled AV Scan * IPv4 Address * N/A Disabled Disabled
Action to take if no rule above is matched
Certificate N/A
Alarm Disabled
Log Disabled

Content Type [ HTTP Response ]


Status Action Name Match Type Value Certificate Alarm Log
Enabled AV Scan text/* Pattern text/* N/A Disabled Disabled
Enabled AV Scan image/* Pattern image/* N/A Disabled Disabled
Enabled AV Scan application/pdf String application/pdf N/A Disabled Disabled
Enabled AV Scan application/x-javascript String application/x-javascript N/A Disabled Disabled
Enabled AV Scan application/x-shockwave-flash String application/x-shockwave-flash N/A Disabled Disabled
Enabled AV Scan application/*xml* Pattern application/*xml* N/A Disabled Disabled
Enabled AV Scan application/x-httpd-* Pattern application/x-httpd-* N/A Disabled Disabled
Enabled AV Scan httpd/* Pattern httpd/* N/A Disabled Disabled
Enabled AV Scan application/* Pattern application/* N/A Disabled Disabled
Enabled AV Scan application/rtf Pattern application/rtf N/A Disabled Disabled
Enabled AV Scan video/mp4 Pattern video/mp4 N/A Disabled Disabled
Enabled AV Scan dynamo-internal/jsp Pattern dynamo-internal/jsp N/A Disabled Disabled
Enabled AV Scan binary/octet-stream Pattern binary/octet-stream N/A Disabled Disabled
Enabled AV Scan audio/x-wav Pattern audio/x-wav N/A Disabled Disabled
Enabled AV Scan audio/mpeg Pattern audio/mpeg N/A Disabled Disabled
Enabled AV Scan video/x-ms-asf Pattern video/x-ms-asf N/A Disabled Disabled
Enabled AV Scan video/x-flv Pattern video/x-flv N/A Disabled Disabled
Enabled AV Scan multipart/* Pattern multipart/* N/A Disabled Disabled
Enabled AV Scan video/x-ms-wmv Pattern video/x-ms-wmv N/A Disabled Disabled
Enabled AV Scan file/unknown Pattern file/unknown N/A Disabled Disabled
Enabled AV Scan x-application/octet-stream Pattern x-application/octet-stream N/A Disabled Disabled
Enabled AV Scan Ekato/file Pattern Ekato/file N/A Disabled Disabled
Enabled AV Scan application-x/force-download Pattern application-x/force-download N/A Disabled Disabled
Enabled AV Scan appliction/octet-stream Pattern appliction/octet-stream N/A Disabled Disabled
Action to take if no rule above is matched Deny
Certificate N/A
Alarm Enabled
Log Disabled

HTTP-Client.KIOSKPC
Proxy Name [ Proxy Type ] HTTP-Client.KIOSKPC [ HTTP ]
AntiVirus [ Enabled ]
Data Loss Prevention [ Disabled ]
Features Reputation Enabled Defense [ Enabled ]
WebBlocker [ Enabled - WebBlocker.KIOSKPC ]
APT Blocker [ Enabled ]
Request Connection Idle Timeout 10 minutes
Response Connection Idle Timeout 10 minutes
Request Maximum URL Path Length 4096 bytes
Response Maximum Line Length 4096 bytes
Response Maximum Total Length Disabled
Allow Range Request Through Unmodified Enabled [ Logged ]
Enforce Safe Search Disabled
YouTube For Schools Disabled
Logging For Reports Enabled
Diagnostics Override Level Disabled

Content Type [ HTTP Response ]


Status Action Name Match Type Value Certificate Alarm Log
Enabled AV Scan text/* Pattern text/* N/A Disabled Disabled
Enabled AV Scan image/* Pattern image/* N/A Disabled Disabled
Enabled AV Scan audio/* Pattern audio/* N/A Disabled Disabled
Enabled AV Scan application/pdf String application/pdf N/A Disabled Disabled
Enabled AV Scan application/x-javascript String application/x-javascript N/A Disabled Disabled
Enabled AV Scan application/x-shockwave-flash String application/x-shockwave-flash N/A Disabled Disabled
Enabled AV Scan application/*xml* Pattern application/*xml* N/A Disabled Disabled
Enabled AV Scan application/x-httpd-* Pattern application/x-httpd-* N/A Disabled Disabled
Enabled AV Scan httpd/* Pattern httpd/* N/A Disabled Disabled
Enabled AV Scan application/x-rtsp-tunnelled Pattern application/x-rtsp-tunnelled N/A Disabled Disabled
Enabled AV Scan application/* Pattern application/* N/A Disabled Disabled
Action to take if no rule above is matched
Certificate N/A
Alarm Enabled
Log Disabled

HTTP-Client.Standard.1
Proxy Name [ Proxy Type ] HTTP-Client.Standard.1 [ HTTP ]
AntiVirus [ Enabled ]
Data Loss Prevention [ Disabled ]
Features Reputation Enabled Defense [ Disabled ]
WebBlocker [ Enabled - WebBlocker.5 ]
APT Blocker [ Enabled ]
Request Connection Idle Timeout 10 minutes
Response Connection Idle Timeout 10 minutes
Request Maximum URL Path Length Disabled
Response Maximum Line Length 4096 bytes
Response Maximum Total Length Disabled
Allow Range Request Through Unmodified Enabled [ Logged ]
Enforce Safe Search Disabled
YouTube For Schools Disabled
Logging For Reports Enabled
Diagnostics Override Level Disabled

URL Paths [ HTTP Request ]


Status Action Name Match Type Value Certificate Alarm Log
Enabled AV Scan * IPv4 Address * N/A Disabled Disabled
Action to take if no rule above is matched
Certificate N/A
Alarm Disabled
Log Disabled

Content Type [ HTTP Response ]


Status Action Name Match Type Value Certificate Alarm Log
Enabled AV Scan text/* Pattern text/* N/A Disabled Disabled
Enabled AV Scan image/* Pattern image/* N/A Disabled Disabled
Enabled AV Scan application/pdf String application/pdf N/A Disabled Disabled
Enabled AV Scan application/x-javascript String application/x-javascript N/A Disabled Disabled
Enabled AV Scan application/x-shockwave-flash String application/x-shockwave-flash N/A Disabled Disabled
Enabled AV Scan application/*xml* Pattern application/*xml* N/A Disabled Disabled
Enabled AV Scan application/x-httpd-* Pattern application/x-httpd-* N/A Disabled Disabled
Enabled AV Scan httpd/* Pattern httpd/* N/A Disabled Disabled
Enabled AV Scan application/* Pattern application/* N/A Disabled Disabled
Enabled AV Scan application/rtf Pattern application/rtf N/A Disabled Disabled
Enabled AV Scan video/mp4 Pattern video/mp4 N/A Disabled Disabled
Enabled AV Scan dynamo-internal/jsp Pattern dynamo-internal/jsp N/A Disabled Disabled
Enabled AV Scan binary/octet-stream Pattern binary/octet-stream N/A Disabled Disabled
Enabled AV Scan audio/x-wav Pattern audio/x-wav N/A Disabled Disabled
Enabled AV Scan audio/mpeg Pattern audio/mpeg N/A Disabled Disabled
Enabled AV Scan video/x-ms-asf Pattern video/x-ms-asf N/A Disabled Disabled
Enabled AV Scan video/x-flv Pattern video/x-flv N/A Disabled Disabled
Enabled AV Scan multipart/* Pattern multipart/* N/A Disabled Disabled
Enabled AV Scan video/x-ms-wmv Pattern video/x-ms-wmv N/A Disabled Disabled
Enabled AV Scan file/unknown Pattern file/unknown N/A Disabled Disabled
Enabled AV Scan x-application/octet-stream Pattern x-application/octet-stream N/A Disabled Disabled
Enabled AV Scan Ekato/file Pattern Ekato/file N/A Disabled Disabled
Enabled AV Scan application-x/force-download Pattern application-x/force-download N/A Disabled Disabled
Enabled AV Scan appliction/octet-stream Pattern appliction/octet-stream N/A Disabled Disabled
Action to take if no rule above is matched Deny
Certificate N/A
Alarm Enabled
Log Disabled

HTTP-Client.Standard
Proxy Name [ Proxy Type ] HTTP-Client.Standard [ HTTP ]
AntiVirus [ Disabled ]
Data Loss Prevention [ Disabled ]
Features Reputation Enabled Defense [ Enabled ]
WebBlocker [ Disabled ]
APT Blocker [ Disabled ]
Request Connection Idle Timeout 10 minutes
Response Connection Idle Timeout 10 minutes
Request Maximum URL Path Length 4096 bytes
Response Maximum Line Length 4096 bytes
Response Maximum Total Length Disabled
Allow Range Request Through Unmodified Enabled [ Logged ]
Enforce Safe Search Disabled
YouTube For Schools Disabled
Logging For Reports Enabled
Diagnostics Override Level Disabled

Content Type [ HTTP Response ]


Status Action Name Match Type Value Certificate Alarm Log
Enabled Allow HTTP-tunnelled RTSP stream types String application/x-rtsp-tunnelled N/A Disabled Disabled
Enabled Allow All XML application types Pattern application/*xml* N/A Disabled Disabled
Enabled Allow All application types Pattern application/* N/A Disabled Disabled
Enabled Allow All audio types Pattern audio/* N/A Disabled Disabled
Enabled Allow All font types Pattern font/* N/A Disabled Disabled
Enabled Allow All image types Pattern image/* N/A Disabled Disabled
Enabled Allow All encapsulated message types Pattern message/* N/A Disabled Disabled
Enabled Allow All model types Pattern model/* N/A Disabled Disabled
Enabled Allow All multipart types Pattern multipart/* N/A Disabled Disabled
Enabled Allow All text types Pattern text/* N/A Disabled Disabled
Enabled Allow All video types Pattern video/* N/A Disabled Disabled
Disabled Allow Missing or empty String N/A Disabled Disabled
Action to take if no rule above is matched Allow
Certificate N/A
Alarm Enabled
Log Disabled

HTTP-Client.Wachter
Proxy Name [ Proxy Type ] HTTP-Client.Wachter [ HTTP ]
AntiVirus [ Enabled ]
Data Loss Prevention [ Disabled ]
Features Reputation Enabled Defense [ Enabled ]
WebBlocker [ Enabled - WebBlocker.MUK ]
APT Blocker [ Enabled ]
Request Connection Idle Timeout 10 minutes
Response Connection Idle Timeout 10 minutes
Request Maximum URL Path Length 4096 bytes
Response Maximum Line Length 4096 bytes
Response Maximum Total Length Disabled
Allow Range Request Through Unmodified Enabled [ Logged ]
Enforce Safe Search Disabled
YouTube For Schools Disabled
Logging For Reports Enabled
Diagnostics Override Level Disabled

Content Type [ HTTP Response ]


Status Action Name Match Type Value Certificate Alarm Log
Enabled AV Scan text/* Pattern text/* N/A Disabled Disabled
Enabled AV Scan image/* Pattern image/* N/A Disabled Disabled
Enabled AV Scan audio/* Pattern audio/* N/A Disabled Disabled
Enabled AV Scan application/pdf String application/pdf N/A Disabled Disabled
Enabled AV Scan application/x-javascript String application/x-javascript N/A Disabled Disabled
Enabled AV Scan application/x-shockwave-flash String application/x-shockwave-flash N/A Disabled Disabled
Enabled AV Scan application/*xml* Pattern application/*xml* N/A Disabled Disabled
Enabled AV Scan application/x-httpd-* Pattern application/x-httpd-* N/A Disabled Disabled
Enabled AV Scan httpd/* Pattern httpd/* N/A Disabled Disabled
Enabled AV Scan application/x-rtsp-tunnelled Pattern application/x-rtsp-tunnelled N/A Disabled Disabled
Enabled AV Scan application/* Pattern application/* N/A Disabled Disabled
Action to take if no rule above is matched
Certificate N/A
Alarm Enabled
Log Disabled

HTTP-Client
Proxy Name [ Proxy Type ] HTTP-Client [ HTTP ]
AntiVirus [ Disabled ]
Data Loss Prevention [ Disabled ]
Features Reputation Enabled Defense [ Enabled ]
WebBlocker [ Disabled ]
APT Blocker [ Disabled ]
Request Connection Idle Timeout 10 minutes
Response Connection Idle Timeout 10 minutes
Request Maximum URL Path Length 2048 bytes
Response Maximum Line Length 4096 bytes
Response Maximum Total Length Disabled
Allow Range Request Through Unmodified Enabled [ Logged ]
Enforce Safe Search Disabled
YouTube For Schools Disabled
Logging For Reports Disabled
Diagnostics Override Level Disabled

Content Type [ HTTP Response ]


Status Action Name Match Type Value Certificate Alarm Log
Enabled Allow HTTP-tunnelled RTSP stream types String application/x-rtsp-tunnelled N/A Disabled Disabled
Enabled Allow All XML application types Pattern application/*xml* N/A Disabled Disabled
Enabled Allow All application types Pattern application/* N/A Disabled Disabled
Enabled Allow All audio types Pattern audio/* N/A Disabled Disabled
Enabled Allow All font types Pattern font/* N/A Disabled Disabled
Enabled Allow All image types Pattern image/* N/A Disabled Disabled
Enabled Allow All encapsulated message types Pattern message/* N/A Disabled Disabled
Enabled Allow All model types Pattern model/* N/A Disabled Disabled
Enabled Allow All multipart types Pattern multipart/* N/A Disabled Disabled
Enabled Allow All text types Pattern text/* N/A Disabled Disabled
Enabled Allow All video types Pattern video/* N/A Disabled Disabled
Disabled Allow Missing or empty String N/A Disabled Disabled
Action to take if no rule above is matched Deny
Certificate N/A
Alarm Enabled
Log Disabled

HTTP-Client_GLG
Proxy Name [ Proxy Type ] HTTP-Client_GLG [ HTTP ]
AntiVirus [ Enabled ]
Data Loss Prevention [ Disabled ]
Features Reputation Enabled Defense [ Disabled ]
WebBlocker [ Disabled ]
APT Blocker [ Enabled ]
Request Connection Idle Timeout 10 minutes
Response Connection Idle Timeout 10 minutes
Request Maximum URL Path Length 4096 bytes
Response Maximum Line Length 4096 bytes
Response Maximum Total Length Disabled
Allow Range Request Through Unmodified Enabled [ Logged ]
Enforce Safe Search Disabled
YouTube For Schools Disabled
Logging For Reports Enabled
Diagnostics Override Level Disabled

Content Type [ HTTP Response ]


Status Action Name Match Type Value Certificate Alarm Log
Enabled AV Scan text/* Pattern text/* N/A Disabled Disabled
Enabled AV Scan image/* Pattern image/* N/A Disabled Disabled
Enabled AV Scan audio/* Pattern audio/* N/A Disabled Disabled
Enabled AV Scan application/pdf String application/pdf N/A Disabled Disabled
Enabled AV Scan application/x-javascript String application/x-javascript N/A Disabled Disabled
Enabled AV Scan application/x-shockwave-flash String application/x-shockwave-flash N/A Disabled Disabled
Enabled AV Scan application/*xml* Pattern application/*xml* N/A Disabled Disabled
Enabled AV Scan application/x-httpd-* Pattern application/x-httpd-* N/A Disabled Disabled
Enabled AV Scan httpd/* Pattern httpd/* N/A Disabled Disabled
Enabled AV Scan application/x-rtsp-tunnelled Pattern application/x-rtsp-tunnelled N/A Disabled Disabled
Enabled AV Scan application/* Pattern application/* N/A Disabled Disabled
Enabled AV Scan application/rtf Pattern application/rtf N/A Disabled Disabled
Enabled AV Scan video/mp4 Pattern video/mp4 N/A Disabled Disabled
Enabled AV Scan dynamo-internal/jsp Pattern dynamo-internal/jsp N/A Disabled Disabled
Enabled AV Scan binary/octet-stream Pattern binary/octet-stream N/A Disabled Disabled
Enabled AV Scan audio/x-wav Pattern audio/x-wav N/A Disabled Disabled
Enabled AV Scan audio/mpeg Pattern audio/mpeg N/A Disabled Disabled
Enabled AV Scan video/x-ms-asf Pattern video/x-ms-asf N/A Disabled Disabled
Enabled AV Scan video/x-flv Pattern video/x-flv N/A Disabled Disabled
Enabled AV Scan multipart/* Pattern multipart/* N/A Disabled Disabled
Enabled AV Scan file/unknown Pattern file/unknown N/A Disabled Disabled
Enabled AV Scan x-application/octet-stream Pattern x-application/octet-stream N/A Disabled Disabled
Enabled AV Scan Ekato/file Pattern Ekato/file N/A Disabled Disabled
Enabled AV Scan application-x/force-download Pattern application-x/force-download N/A Disabled Disabled
Enabled AV Scan application/octet-stream Pattern application/octet-stream N/A Disabled Disabled
Action to take if no rule above is matched
Certificate N/A
Alarm Enabled
Log Disabled

HTTP-Server.Standard
Proxy Name [ Proxy Type ] HTTP-Server.Standard [ HTTP ]
AntiVirus [ Disabled ]
Data Loss Prevention [ Disabled ]
Features Reputation Enabled Defense [ Enabled ]
WebBlocker [ Disabled ]
APT Blocker [ Disabled ]
Request Connection Idle Timeout 10 minutes
Response Connection Idle Timeout 10 minutes
Request Maximum URL Path Length 2048 bytes
Response Maximum Line Length Disabled
Response Maximum Total Length Disabled
Allow Range Request Through Unmodified Disabled
Enforce Safe Search Disabled
YouTube For Schools Disabled
Logging For Reports Enabled
Diagnostics Override Level Disabled

HTTP-Server
Proxy Name [ Proxy Type ] HTTP-Server [ HTTP ]
AntiVirus [ Disabled ]
Data Loss Prevention [ Disabled ]
Features Reputation Enabled Defense [ Enabled ]
WebBlocker [ Disabled ]
APT Blocker [ Disabled ]
Request Connection Idle Timeout 10 minutes
Response Connection Idle Timeout 10 minutes
Request Maximum URL Path Length 2048 bytes
Response Maximum Line Length Disabled
Response Maximum Total Length Disabled
Allow Range Request Through Unmodified Enabled [ Logged ]
Enforce Safe Search Disabled
YouTube For Schools Disabled
Logging For Reports Disabled
Diagnostics Override Level Disabled

HTTP-Virusscan
Proxy Name [ Proxy Type ] HTTP-Virusscan [ HTTP ]
AntiVirus [ Disabled ]
Data Loss Prevention [ Disabled ]
Features Reputation Enabled Defense [ Disabled ]
WebBlocker [ Disabled ]
APT Blocker [ Disabled ]
Request Connection Idle Timeout Disabled
Response Connection Idle Timeout Disabled
Request Maximum URL Path Length Disabled
Response Maximum Line Length Disabled
Response Maximum Total Length Disabled
Allow Range Request Through Unmodified Disabled
Enforce Safe Search Disabled
YouTube For Schools Disabled
Logging For Reports Enabled
Diagnostics Override Level Disabled

HTTPS-AVScanner
Proxy Name [ Proxy Type ] HTTPS-AVScanner [ HTTPS ]
Features WebBlocker [ Disabled ]
Connection Idle Timeout Disabled
TLS-Profile TLS-Server-HTTPS.Standard.2
Restrict Google Apps to Allowed Domains Disabled
Logging For Reports Disabled
Diagnostics Override Level Disabled

HTTPS-Client.1
Proxy Name [ Proxy Type ] HTTPS-Client.1 [ HTTPS ]
Features WebBlocker [ Enabled - WebBlocker.5 ]
Connection Idle Timeout 10 minutes
TLS-Profile TLS-Client-HTTPS.Standard.1
Restrict Google Apps to Allowed Domains Disabled
Logging For Reports Disabled
Diagnostics Override Level Disabled

Domain Names
Status Action Name Match Type Value Certificate Alarm Log
Enabled Allow download.websense.com Pattern download.websense.com N/A Disabled Disabled
Enabled Allow *.knowbe4.com Pattern *.knowbe4.com N/A Disabled Disabled
Action to take if no rule above is matched Allow
Certificate N/A
Alarm Disabled
Log Disabled

HTTPS-Client.2
Proxy Name [ Proxy Type ] HTTPS-Client.2 [ HTTPS ]
Features WebBlocker [ Enabled - WebBlocker.5 ]
Connection Idle Timeout 10 minutes
TLS-Profile TLS-Client-HTTPS.Standard.1
Restrict Google Apps to Allowed Domains Disabled
Logging For Reports Disabled
Diagnostics Override Level Disabled

Domain Names
Status Action Name Match Type Value Certificate Alarm Log
Enabled Allow download.websense.com Pattern download.websense.com N/A Disabled Disabled
Enabled Allow *.knowbe4.com Pattern *.knowbe4.com N/A Disabled Disabled
Action to take if no rule above is matched Allow
Certificate N/A
Alarm Disabled
Log Disabled

HTTPS-Client.KIOSKPC
Proxy Name [ Proxy Type ] HTTPS-Client.KIOSKPC [ HTTPS ]
Features WebBlocker [ Enabled - WebBlocker.KIOSKPC ]
Connection Idle Timeout 10 minutes
TLS-Profile TLS-Client-HTTPS.Standard
Restrict Google Apps to Allowed Domains Disabled
Logging For Reports Enabled
Diagnostics Override Level Disabled

Domain Names
Status Action Name Match Type Value Certificate Alarm Log
Enabled Allow WatchGuard Services Pattern *.watchguard.com N/A Disabled Disabled
Enabled Allow download.websense.com Pattern download.websense.com N/A Disabled Disabled
Enabled Allow *.knowbe4.com Pattern *.knowbe4.com N/A Disabled Disabled
Action to take if no rule above is matched Allow
Certificate N/A
Alarm Disabled
Log Disabled

HTTPS-Client.Standard
Proxy Name [ Proxy Type ] HTTPS-Client.Standard [ HTTPS ]
Features WebBlocker [ Disabled ]
Connection Idle Timeout 10 minutes
TLS-Profile TLS-Client-HTTPS.Standard
Restrict Google Apps to Allowed Domains Disabled
Logging For Reports Enabled
Diagnostics Override Level Disabled

Domain Names
Status Action Name Match Type Value Certificate Alarm Log
Enabled Allow WatchGuard Services Pattern *.watchguard.com N/A Disabled Disabled
Enabled Allow *.cloudwifi.com Pattern *.cloudwifi.com N/A Disabled Disabled
Enabled Allow redirector.online.spectraguard.net Pattern redirector.online.spectraguard.net N/A Disabled Disabled
Enabled Allow download.websense.com Pattern download.websense.com N/A Disabled Disabled
Enabled Allow *.knowbe4.com Pattern *.knowbe4.com N/A Disabled Disabled
Action to take if no rule above is matched Allow
Certificate N/A
Alarm Disabled
Log Disabled

HTTPS-Client.Wachter
Proxy Name [ Proxy Type ] HTTPS-Client.Wachter [ HTTPS ]
Features WebBlocker [ Enabled - WebBlocker.MUK ]
Connection Idle Timeout 10 minutes
TLS-Profile TLS-Client-HTTPS.Standard
Restrict Google Apps to Allowed Domains Disabled
Logging For Reports Enabled
Diagnostics Override Level Disabled

Domain Names
Status Action Name Match Type Value Certificate Alarm Log
Enabled Allow WatchGuard Services Pattern *.watchguard.com N/A Disabled Disabled
Enabled Allow download.websense.com Pattern download.websense.com N/A Disabled Disabled
Enabled Allow *.knowbe4.com Pattern *.knowbe4.com N/A Disabled Disabled
Action to take if no rule above is matched Allow
Certificate N/A
Alarm Disabled
Log Disabled

HTTPS-Client
Proxy Name [ Proxy Type ] HTTPS-Client [ HTTPS ]
Features WebBlocker [ Disabled ]
Connection Idle Timeout 10 minutes
TLS-Profile TLS-Client-HTTPS.Standard
Restrict Google Apps to Allowed Domains Disabled
Logging For Reports Disabled
Diagnostics Override Level Disabled

Domain Names
Status Action Name Match Type Value Certificate Alarm Log
Enabled Allow WatchGuard Services Pattern *.watchguard.com N/A Disabled Enabled
Enabled Allow download.websense.com Pattern download.websense.com N/A Disabled Disabled
Action to take if no rule above is matched Allow
Certificate N/A
Alarm Disabled
Log Disabled

HTTPS-Client_GLG
Proxy Name [ Proxy Type ] HTTPS-Client_GLG [ HTTPS ]
Features WebBlocker [ Disabled ]
Connection Idle Timeout 10 minutes
TLS-Profile TLS-Client-HTTPS.Standard
Restrict Google Apps to Allowed Domains Disabled
Logging For Reports Enabled
Diagnostics Override Level Disabled

Domain Names
Status Action Name Match Type Value Certificate Alarm Log
Enabled Allow WatchGuard Services Pattern *.watchguard.com N/A Disabled Disabled
Enabled Allow *.mojonetworks.com Pattern *.mojonetworks.com N/A Disabled Disabled
Enabled Allow *.cloudwifi.com Pattern *.cloudwifi.com N/A Disabled Disabled
Enabled Allow redirector.online.spectraguard.net Pattern redirector.online.spectraguard.net N/A Disabled Disabled
Enabled Allow *.airtightnetworks.com Pattern *.airtightnetworks.com N/A Disabled Disabled
Enabled Allow download.websense.com Pattern download.websense.com N/A Disabled Disabled
Enabled Allow *.knowbe4.com Pattern *.knowbe4.com N/A Disabled Disabled
Action to take if no rule above is matched Allow
Certificate N/A
Alarm Disabled
Log Disabled

HTTPS-Server-MobileIron in DMZ
Proxy Name [ Proxy Type ] HTTPS-Server-MobileIron in DMZ [ HTTPS ]
Features WebBlocker [ Disabled ]
Connection Idle Timeout 10 minutes
TLS-Profile TLS-Server.Standard
Restrict Google Apps to Allowed Domains Disabled
Logging For Reports Disabled
Diagnostics Override Level Disabled

Domain Names
Status Action Name Match Type Value Certificate Alarm Log
Enabled Allow mdc2 Pattern mdc2.schillseilacher.de N/A Disabled Disabled
Action to take if no rule above is matched Allow
Certificate N/A
Alarm Disabled
Log Disabled

HTTPS-Server.Domino.in.DMZ
Proxy Name [ Proxy Type ] HTTPS-Server.Domino.in.DMZ [ HTTPS ]
Features WebBlocker [ Disabled ]
Connection Idle Timeout 10 minutes
TLS-Profile TLS-Server.Standard
Restrict Google Apps to Allowed Domains Disabled
Logging For Reports Enabled
Diagnostics Override Level Disabled

Domain Names
Status Action Name Match Type Value Certificate Alarm Log
Enabled Allow zum Traveler Pattern traveler.schillseilacher.de N/A Disabled Disabled
Action to take if no rule above is matched Allow
Certificate N/A
Alarm Disabled
Log Disabled

HTTPS-Server.Standard
Proxy Name [ Proxy Type ] HTTPS-Server.Standard [ HTTPS ]
Features WebBlocker [ Disabled ]
Connection Idle Timeout 10 minutes
TLS-Profile TLS-Server-HTTPS.Standard
Restrict Google Apps to Allowed Domains Disabled
Logging For Reports Enabled
Diagnostics Override Level Disabled

HTTPS-Server
Proxy Name [ Proxy Type ] HTTPS-Server [ HTTPS ]
Features WebBlocker [ Disabled ]
Connection Idle Timeout 10 minutes
TLS-Profile TLS-Server-HTTPS.Standard
Restrict Google Apps to Allowed Domains Disabled
Logging For Reports Disabled
Diagnostics Override Level Disabled

IMAP-Client.Standard
Proxy Name [ Proxy Type ] IMAP-Client.Standard [ ]
AntiVirus [ Disabled ]
Features spamBlocker [ Disabled ]
Protocol Timeout 1 minute
Maximum Line Length 1000 bytes
TLS-Profile [ TLS-Client.Standard ]
TLS Action [ Allow ]
Log [ Enabled ]
STARTTLS [ Disabled ]
Capabilities TLS-Profile [ TLS-Client.Standard ]
Logging For Reports Enabled
Diagnostics Override Level Disabled

Attachments Content Type Rules


Status Action Name Match Type Value Certificate Alarm Log
Disabled Allow WatchGuard application types String application/x-watchguard-locked N/A Disabled Disabled
Enabled Allow All application types Pattern application/* N/A Disabled Disabled
Enabled Allow All audio types Pattern audio/* N/A Disabled Disabled
Enabled Allow All font types Pattern font/* N/A Disabled Disabled
Enabled Allow All image types Pattern image/* N/A Disabled Disabled
Enabled Allow All encapsulated message types Pattern message/* N/A Disabled Disabled
Enabled Allow All model types Pattern model/* N/A Disabled Disabled
Enabled Allow All multipart types Pattern multipart/* N/A Disabled Disabled
Enabled Allow All text types Pattern text/* N/A Disabled Disabled
Enabled Allow All video types Pattern video/* N/A Disabled Disabled
Enabled Allow Missing or empty IPv4 Address N/A Disabled Disabled
Action to take if no rule above is matched Allow
Certificate N/A
Alarm Disabled
Log Disabled

Filename Rules
Status Action Name Match Type Value Certificate Alarm Log
Enabled Allow Text files Pattern *.txt N/A Disabled Disabled
Enabled Allow Word documents Pattern *.doc N/A Disabled Disabled
Enabled Allow Excel spreadsheets Pattern *.xls N/A Disabled Disabled
Enabled Allow Missing or empty IPv4 Address N/A Disabled Disabled
Action to take if no rule above is matched Allow
Certificate N/A
Alarm Disabled
Log Disabled

IMAP-Server.Standard
Proxy Name [ Proxy Type ] IMAP-Server.Standard [ ]
AntiVirus [ Disabled ]
Features spamBlocker [ Disabled ]
Protocol Timeout 1 minute
Maximum Line Length 1000 bytes
TLS-Profile [ TLS-Server.Standard ]
TLS Action [ Allow ]
Log [ Enabled ]
STARTTLS [ Disabled ]
Capabilities TLS-Profile [ TLS-Server.Standard ]
Logging For Reports Enabled
Diagnostics Override Level Disabled

Attachments Content Type Rules


Status Action Name Match Type Value Certificate Alarm Log
Disabled Allow WatchGuard application types String application/x-watchguard-locked N/A Disabled Disabled
Enabled Allow All application types Pattern application/* N/A Disabled Disabled
Enabled Allow All audio types Pattern audio/* N/A Disabled Disabled
Enabled Allow All font types Pattern font/* N/A Disabled Disabled
Enabled Allow All image types Pattern image/* N/A Disabled Disabled
Enabled Allow All encapsulated message types Pattern message/* N/A Disabled Disabled
Enabled Allow All model types Pattern model/* N/A Disabled Disabled
Enabled Allow All multipart types Pattern multipart/* N/A Disabled Disabled
Enabled Allow All text types Pattern text/* N/A Disabled Disabled
Enabled Allow All video types Pattern video/* N/A Disabled Disabled
Enabled Allow Missing or empty IPv4 Address N/A Disabled Disabled
Action to take if no rule above is matched Allow
Certificate N/A
Alarm Disabled
Log Disabled

Filename Rules
Status Action Name Match Type Value Certificate Alarm Log
Enabled Allow Text files Pattern *.txt N/A Disabled Disabled
Enabled Allow Word documents Pattern *.doc N/A Disabled Disabled
Enabled Allow Excel spreadsheets Pattern *.xls N/A Disabled Disabled
Enabled Allow Missing or empty IPv4 Address N/A Disabled Disabled
Action to take if no rule above is matched Allow
Certificate N/A
Alarm Disabled
Log Disabled

POP3-Client.Standard
Proxy Name [ Proxy Type ] POP3-Client.Standard [ POP3 ]
AntiVirus [ Disabled ]
Features spamBlocker [ Disabled ]
Protocol Timeout 1 minute
Maximum Line Length 1000 bytes
Hide Server Replies Enabled
Uuencoded Attachments Enabled
BinHex Attachments Enabled
TLS-Profile [ TLS-Client.Standard ]
TLS Action [ Allow ]
Log [ Enabled ]
Logging For Reports Enabled
Diagnostics Override Level Disabled

POP3 Protocol
Status Action Name Match Type Value Certificate Alarm Log
Enabled Allow DIGEST-MD5 String DIGEST-MD5 N/A Disabled Disabled
Enabled Allow CRAM-MD5 String CRAM-MD5 N/A Disabled Disabled
Enabled Allow PLAIN String PLAIN N/A Disabled Disabled
Enabled Allow NTLM String NTLM N/A Disabled Disabled
Enabled Allow LOGIN String LOGIN N/A Disabled Disabled
Enabled Allow GSSAPI String GSSAPI N/A Disabled Disabled
Enabled Allow KERBEROS_V4 String KERBEROS_V4 N/A Disabled Disabled
Action to take if no rule above is matched Deny
Certificate N/A
Alarm Enabled
Log Disabled

POP3-Client
Proxy Name [ Proxy Type ] POP3-Client [ POP3 ]
AntiVirus [ Disabled ]
Features spamBlocker [ Disabled ]
Protocol Timeout 1 minute
Maximum Line Length 1000 bytes
Hide Server Replies Enabled
Uuencoded Attachments Disabled
BinHex Attachments Disabled
TLS-Profile [ TLS-Client.Standard ]
TLS Action [ Allow ]
Log [ Enabled ]
Logging For Reports Enabled
Diagnostics Override Level Disabled

POP3 Protocol
Status Action Name Match Type Value Certificate Alarm Log
Enabled Allow DIGEST-MD5 String DIGEST-MD5 N/A Disabled Disabled
Enabled Allow CRAM-MD5 String CRAM-MD5 N/A Disabled Disabled
Enabled Allow PLAIN String PLAIN N/A Disabled Disabled
Enabled Allow NTLM String NTLM N/A Disabled Disabled
Enabled Allow LOGIN String LOGIN N/A Disabled Disabled
Enabled Allow GSSAPI String GSSAPI N/A Disabled Disabled
Enabled Allow KERBEROS_V4 String KERBEROS_V4 N/A Disabled Disabled
Action to take if no rule above is matched Deny
Certificate N/A
Alarm Enabled
Log Disabled

POP3-Server.Standard
Proxy Name [ Proxy Type ] POP3-Server.Standard [ POP3 ]
AntiVirus [ Disabled ]
Features spamBlocker [ Disabled ]
Protocol Timeout 1 minute
Maximum Line Length 1000 bytes
Hide Server Replies Enabled
Uuencoded Attachments Enabled
BinHex Attachments Enabled
TLS-Profile [ TLS-Server.Standard ]
TLS Action [ Allow ]
Log [ Enabled ]
Logging For Reports Enabled
Diagnostics Override Level Disabled

POP3 Protocol
Status Action Name Match Type Value Certificate Alarm Log
Enabled Allow DIGEST-MD5 String DIGEST-MD5 N/A Disabled Disabled
Enabled Allow CRAM-MD5 String CRAM-MD5 N/A Disabled Disabled
Enabled Allow PLAIN String PLAIN N/A Disabled Disabled
Enabled Allow NTLM String NTLM N/A Disabled Disabled
Enabled Allow LOGIN String LOGIN N/A Disabled Disabled
Enabled Allow GSSAPI String GSSAPI N/A Disabled Disabled
Enabled Allow KERBEROS_V4 String KERBEROS_V4 N/A Disabled Disabled
Action to take if no rule above is matched Deny
Certificate N/A
Alarm Enabled
Log Disabled

POP3-Server
Proxy Name [ Proxy Type ] POP3-Server [ POP3 ]
AntiVirus [ Disabled ]
Features spamBlocker [ Disabled ]
Protocol Timeout 1 minute
Maximum Line Length 1000 bytes
Hide Server Replies Enabled
Uuencoded Attachments Disabled
BinHex Attachments Disabled
TLS-Profile [ TLS-Server.Standard ]
TLS Action [ Allow ]
Log [ Enabled ]
Logging For Reports Enabled
Diagnostics Override Level Disabled

POP3 Protocol
Status Action Name Match Type Value Certificate Alarm Log
Enabled Allow DIGEST-MD5 String DIGEST-MD5 N/A Disabled Disabled
Enabled Allow CRAM-MD5 String CRAM-MD5 N/A Disabled Disabled
Enabled Allow PLAIN String PLAIN N/A Disabled Disabled
Enabled Allow NTLM String NTLM N/A Disabled Disabled
Enabled Allow LOGIN String LOGIN N/A Disabled Disabled
Enabled Allow GSSAPI String GSSAPI N/A Disabled Disabled
Enabled Allow KERBEROS_V4 String KERBEROS_V4 N/A Disabled Disabled
Action to take if no rule above is matched Deny
Certificate N/A
Alarm Enabled
Log Disabled

SIP-Client
Proxy Name [ Proxy Type ] SIP-Client [ SIP ]
Header Normalization Enabled
Topology Hiding Enabled
Directory Harvesting Protection Enabled
Rewrite User Agent Disabled
Idle Media Channels 15 minutes
Registration Expiration 15 minutes
Logging For Reports Enabled
Diagnostics Override Level Disabled

SMTP-Incoming.Standard
Proxy Name [ Proxy Type ] SMTP-Incoming.Standard [ SMTP ]
AntiVirus [ Disabled ]
Data Loss Prevention [ Disabled ]
Features spamBlocker [ Disabled ]
APT Blocker [ Disabled ]
Connection Idle Timeout 10 minutes
Maximum Email Recipients 99
Maximum Address Length Disabled
Maximum Email Size 20000 kilobytes
Maximum Email Line Length 1000 bytes
Maximum Email Header Size Disabled
Message ID Disabled
Server Replies Enabled
Uuencoded Attachments Enabled
BinHex Attachments Enabled
Auto-block Source of Invalid Commands Disabled
Send Log Message when an SMTP Command is Denied Disabled
TLS-Profile [ TLS-Server.Standard ]
SMTPS Action [ Allow ]
Log [ Enabled ]
ESMTP [ Enabled ]
ESMTP STARTTLS [ Disabled ]
TLS-Profile [ TLS-Server.Standard ]
Logging For Reports Enabled
Diagnostics Override Level Disabled

Attachments Content Type Rules


Status Action Name Match Type Value Certificate Alarm Log
Disabled Allow WatchGuard application types String application/x-watchguard-locked N/A Disabled Disabled
Enabled Allow All application types Pattern application/* N/A Disabled Disabled
Enabled Allow All audio types Pattern audio/* N/A Disabled Disabled
Enabled Allow All font types Pattern font/* N/A Disabled Disabled
Enabled Allow All image types Pattern image/* N/A Disabled Disabled
Enabled Allow All encapsulated message types Pattern message/* N/A Disabled Disabled
Enabled Allow All model types Pattern model/* N/A Disabled Disabled
Enabled Allow All multipart types Pattern multipart/* N/A Disabled Disabled
Enabled Allow All text types Pattern text/* N/A Disabled Disabled
Enabled Allow All video types Pattern video/* N/A Disabled Disabled
Enabled Allow Missing or empty String N/A Disabled Disabled
Action to take if no rule above is matched Allow
Certificate N/A
Alarm Enabled
Log Disabled

SMTP-Incoming.SuS
Proxy Name [ Proxy Type ] SMTP-Incoming.SuS [ SMTP ]
AntiVirus [ Enabled ]
Data Loss Prevention [ Disabled ]
Features spamBlocker [ Disabled ]
APT Blocker [ Enabled ]
Connection Idle Timeout Disabled
Maximum Email Recipients 999
Maximum Address Length Disabled
Maximum Email Size 40000 kilobytes
Maximum Email Line Length 1000 bytes
Maximum Email Header Size 20000 bytes
Message ID Disabled
Server Replies Enabled
Uuencoded Attachments Enabled
BinHex Attachments Enabled
Auto-block Source of Invalid Commands Disabled
Send Log Message when an SMTP Command is Denied Enabled
TLS-Profile [ TLS-Server.Standard ]
SMTPS Action [ Allow ]
Log [ Enabled ]
ESMTP [ Enabled ]
ESMTP STARTTLS [ Disabled ]
TLS-Profile [ TLS-Server.Standard ]
Logging For Reports Enabled
Diagnostics Override Level Disabled

Attachments Content Type Rules


Status Action Name Match Type Value Certificate Alarm Log
Enabled AV Scan text/* Pattern text/* N/A Disabled Disabled
Enabled AV Scan image/* Pattern image/* N/A Disabled Disabled
Enabled AV Scan multipart/* Pattern multipart/* N/A Disabled Disabled
Enabled AV Scan message/* Pattern message/* N/A Disabled Disabled
Enabled AV Scan application/* Pattern application/* N/A Disabled Disabled
Disabled Allow application/x-watchguard-locked String application/x-watchguard-locked N/A Disabled Disabled
Action to take if no rule above is matched
Certificate N/A
Alarm Enabled
Log Disabled

SMTP-Incoming
Proxy Name [ Proxy Type ] SMTP-Incoming [ SMTP ]
AntiVirus [ Disabled ]
Data Loss Prevention [ Disabled ]
Features spamBlocker [ Disabled ]
APT Blocker [ Disabled ]
Connection Idle Timeout 10 minutes
Maximum Email Recipients 99
Maximum Address Length Disabled
Maximum Email Size 10000 kilobytes
Maximum Email Line Length 1000 bytes
Maximum Email Header Size Disabled
Message ID Disabled
Server Replies Enabled
Uuencoded Attachments Disabled
BinHex Attachments Disabled
Auto-block Source of Invalid Commands Disabled
Send Log Message when an SMTP Command is Denied Disabled
TLS-Profile [ TLS-Server.Standard ]
SMTPS Action [ Allow ]
Log [ Enabled ]
ESMTP [ Enabled ]
ESMTP STARTTLS [ Disabled ]
TLS-Profile [ TLS-Server.Standard ]
Logging For Reports Disabled
Diagnostics Override Level Disabled

Attachments Content Type Rules


Status Action Name Match Type Value Certificate Alarm Log
Disabled Allow WatchGuard application types String application/x-watchguard-locked N/A Disabled Disabled
Enabled Allow All application types Pattern application/* N/A Disabled Disabled
Enabled Allow All audio types Pattern audio/* N/A Disabled Disabled
Enabled Allow All font types Pattern font/* N/A Disabled Disabled
Enabled Allow All image types Pattern image/* N/A Disabled Disabled
Enabled Allow All encapsulated message types Pattern message/* N/A Disabled Disabled
Enabled Allow All model types Pattern model/* N/A Disabled Disabled
Enabled Allow All multipart types Pattern multipart/* N/A Disabled Disabled
Enabled Allow All text types Pattern text/* N/A Disabled Disabled
Enabled Allow All video types Pattern video/* N/A Disabled Disabled
Enabled Allow Missing or empty String N/A Disabled Disabled
Action to take if no rule above is matched
Certificate N/A
Alarm Enabled
Log Disabled

SMTP-Outgoing.Standard
Proxy Name [ Proxy Type ] SMTP-Outgoing.Standard [ SMTP ]
Features
AntiVirus [ Disabled ]
Data Loss Prevention [ Disabled ]
spamBlocker [ Disabled ]
APT Blocker [ Disabled ]
Connection Idle Timeout 10 minutes
Maximum Email Recipients Disabled
Maximum Address Length Disabled
Maximum Email Size 20000 kilobytes
Maximum Email Line Length 1000 bytes
Maximum Email Header Size Disabled
Message ID Disabled
Server Replies Enabled
Uuencoded Attachments Enabled
BinHex Attachments Enabled
Auto-block Source of Invalid Commands Disabled
Send Log Message when an SMTP Command is Denied Disabled
TLS-Profile [ TLS-Client.Standard ]
SMTPS Action [ Allow ]
Log [ Enabled ]
ESMTP [ Enabled ]
ESMTP STARTTLS [ Disabled ]
TLS-Profile [ TLS-Client.Standard ]
Logging For Reports Enabled
Diagnostics Override Level Disabled

SMTP-Outgoing.SuS
Proxy Name [ Proxy Type ] SMTP-Outgoing.SuS [ SMTP ]
Features
AntiVirus [ Disabled ]
Data Loss Prevention [ Disabled ]
spamBlocker [ Disabled ]
APT Blocker [ Enabled ]
Connection Idle Timeout 10 minutes
Maximum Email Recipients Disabled
Maximum Address Length Disabled
Maximum Email Size 20000 kilobytes
Maximum Email Line Length 1000 bytes
Maximum Email Header Size 20000 bytes
Message ID Disabled
Server Replies Enabled
Uuencoded Attachments Enabled
BinHex Attachments Enabled
Auto-block Source of Invalid Commands Disabled
Send Log Message when an SMTP Command is Denied Disabled
TLS-Profile [ TLS-Client.Standard ]
SMTPS Action [ Allow ]
Log [ Enabled ]
ESMTP [ Enabled ]
ESMTP STARTTLS [ Disabled ]
TLS-Profile [ TLS-Client.Standard ]
Logging For Reports Enabled
Diagnostics Override Level Disabled

SMTP-Outgoing
Proxy Name [ Proxy Type ] SMTP-Outgoing [ SMTP ]
Features
AntiVirus [ Disabled ]
Data Loss Prevention [ Disabled ]
spamBlocker [ Disabled ]
APT Blocker [ Disabled ]
Connection Idle Timeout 10 minutes
Maximum Email Recipients Disabled
Maximum Address Length Disabled
Maximum Email Size 10000 kilobytes
Maximum Email Line Length 1000 bytes
Maximum Email Header Size Disabled
Message ID Disabled
Server Replies Enabled
Uuencoded Attachments Disabled
BinHex Attachments Disabled
Auto-block Source of Invalid Commands Disabled
Send Log Message when an SMTP Command is Denied Disabled
TLS-Profile [ TLS-Client.Standard ]
SMTPS Action [ Allow ]
Log [ Enabled ]
ESMTP [ Enabled ]
ESMTP STARTTLS [ Disabled ]
TLS-Profile [ TLS-Client.Standard ]
Logging For Reports Disabled
Diagnostics Override Level Disabled

TCP-UDP-Proxy.Standard
Proxy Name [ Proxy Type ] TCP-UDP-Proxy.Standard [ TCP-UDP-Proxy ]
HTTP [ HTTP-Client.Standard ]
HTTPS [ HTTPS-Client.Standard ]
Traffic Redirection SIP [ SIP-Client ]
Traffic [ Proxy ] FTP [ FTP-Client.Standard ]
IMAP [ IMAP-Client.Standard ]
Other Protocols [ Allow ]
Logging For Reports Enabled
Diagnostics Override Level Disabled

TCP-UDP-Proxy
Proxy Name [ Proxy Type ] TCP-UDP-Proxy [ TCP-UDP-Proxy ]
HTTP [ HTTP-Client ]
HTTPS [ HTTPS-Client ]
Traffic Redirection SIP [ SIP-Client ]
Traffic [ Proxy ] FTP [ FTP-Client ]
IMAP [ IMAP-Client.Standard ]
Other Protocols [ Allow ]
Logging For Reports Enabled
Diagnostics Override Level Disabled

2-6 Content Action

HTTP-Content.Standard
Content Rules
Content Action to take if no rule above is matched
Redirected Action HTTP-Server.Standard
Alarm Disabled
Log Enabled
SSL Offloading Disabled
HTTP Port 80
TLS Port 443

2-7 TLS Profiles

TLS-Client.Standard
Minimum Protocol OCSP Verification PFS TLS Compliance
TLS v1.0 Disabled Allowed Not enforced

TLS-Server.Standard
Minimum Protocol OCSP Verification PFS TLS Compliance
TLS v1.0 N/A Allowed Enforced

TLS-Client-HTTPS.Standard
Minimum Protocol OCSP Verification PFS TLS Compliance
TLS v1.0 Strict Allowed Not enforced

TLS-Server-HTTPS.Standard
Minimum Protocol OCSP Verification PFS TLS Compliance
TLS v1.0 N/A Allowed Not enforced

TLS-Client-HTTPS.Standard.1
Minimum Protocol OCSP Verification PFS TLS Compliance
TLS v1.0 Strict None Not enforced

TLS-Server-HTTPS.Standard.1
Minimum Protocol OCSP Verification PFS TLS Compliance
TLS v1.0 N/A None Not enforced

TLS-Server-HTTPS.Standard.2
Minimum Protocol OCSP Verification PFS TLS Compliance
TLS v1.0 N/A None Enforced

2-8 Traffic Management

Policies
Disabled
Interfaces
Interface Settings
Interfaces Bandwidth
Cluster_Interface Link Speed
DMZ-WLAN Link Speed
IPPhone Link Speed
Optional-10 Link Speed
Optional-11 Link Speed
Optional-12 Link Speed
Optional-13 Link Speed
Optional-14 Link Speed
Optional-15 Link Speed
Optional-16 Link Speed
Optional-17 Link Speed
Optional-18 Link Speed
Optional-2 Link Speed
Optional-8 Link Speed
Optional-9 Link Speed
S+S DMZ Link Speed
S+S LAN Link Speed
SuS_Labor Link Speed
T-Com_WAN Link Speed
Uplink-Core Link Speed

2-9 Scheduling

Schedules
Name
Always On
MF 0700-1900

Scheduling Policies
Policy Name Schedule
VPN-iPhoneDNS Always On
Tunnel-MFA-AlcatelTelefon Always On
Tunnel-AlcatelTelefon.1 Always On
VPN-DiehlES-Any Always On
VPN-DiehlK-Any Always On
VPN-Extern-MFA-Any Always On
Bechtle-IPSEC-Any Always On
BEOS-IPSEC-Any Always On
VPN-iPhone-Any Always On
VPN-Benutzer-Any Always On
Olschewski-Any Always On
Service-Partner-Any Always On
VPN-Bilgram-Any Always On
Tunnel-RDP Always On
Tunnel-DNS Always On
Tunnel-DHCP-Server Always On
Tunnel-AlcatelTelefon Always On
Tunnel-Https-SW-Netz Always On
Tunnel-Addison-Ports Always On
Tunnel-SSH Always On
Tunnel-Tunnel Domino01 Port Always On
Tunnel-OPAL_Lizens_Port.1 Always On
VPN-Benutzer-MFA-Any Always On
Tunnel-MFA-RDP.1 Always On
Tunnel-MFA-DNS Always On
Tunnel-MFA-DHCP-Server Always On
Tunnel-MFA-Addison-Ports Always On
Tunnel-MFA-SSH Always On
Tunnel-OPAL_Lizens_Port Always On
SSH.2 Always On
SSH.1 Always On
TFTP.1 Always On
SNMP.2 Always On
SNMP Always On
SNMP.1 Always On
NTP.1 Always On
Exchange365 Always On
Access Always On
Access.1 Always On
BOVPN-Allow.out Always On
Dakoso_Vpn.out Always On
Lobster_VPN.out Always On
SAP_VPN_Nagarro_.out Always On
TEN-IT_VPN_DATA_DOMAIN.out Always On
Any_fuer_PC131-10_PC061_PC151 Always On
Innerhalb SuS alles frei Always On
Any_fuer_GLG Always On
Any_On_Way_Labor Always On
Ports_Data_Domain_Rep Always On
FTP Always On
SFTP Always On
SSH_zum_Finanzamt Always On
SFTP zu Eckardt Always On
SFTP zu Dakosy Always On
SSH Always On
SSH zu DMZ Always On
SSH-8443 DELL Always On
SSH DELL Compellent Always On
Barcodescanner_Telnet Always On
CMN-DO02 Always On
Alarm-Server Port Always On
SMTP-in-proxy Always On
SMTP-Ferarri-Fax Always On
SMTP_in Always On
SMTP_DMZ_zu_LAN Always On
SMTP-out-proxy Always On
SMTP_Out Always On
SMTP_dmzWLAN Always On
DHCP-Server Always On
TFTP Always On
WatchGuard AcssesPortal SSLVPN Always On
Luja_PNA_Ports Always On
HTTP_DMZ_LAN Always On
HTTP_zu_DMZ Always On
HTTP in T Webmailer Always On
HTTP_dmzWLAN_intranet Always On
HTTP-proxy.GLG Always On
HTTP-Kiosk_zu_Intranet Always On
HTTP-proxy-Wachter Always On
HTTP-proxy-KIOSKPC Always On
HTTP-proxy Always On
HTTP-Deny Always On
POP3_dmzWLAN Always On
IMAP_dmzWLAN Always On
SNMP-von DESSBLX022 Always On
Z39-50_SciFinder Always On
DMZ-AD-Anbindung Always On
LDAP fuer DMZ Always On
Helpdesk-Port Always On
HTTPS-in-140-DMZ Always On
HTTPS-proxy-AV.Webmailer Always On
HTTPS in T Webmailer Always On
HTTPS-in-141-DMZ Always On
HTTPS in Mobileiron Always On
HTTPS Sentry in Always On
HTTPS mobileiron.com Always On
HTTPS-proxy_GLG Always On
HTTPS-DMZ-LAN Always On
HTTPS_dmzWLAN Always On
HTTPS_ESRS Always On
HTTPS-proxy.Wachter Always On
HTTPS-proxy-KIOSKPC Always On
HTTPS-proxy Always On
HTTPS_ESX_SC_Support_Assistent Always On
CWS Repair APP Port 2403 Always On
HTTPS-Deny Always On
SMTP-SSL_dmzWLAN Always On
IMAP-SSL_dmzWLAN Always On
OpenVPN Port 1194 Always On
Gast-Wlan-Port 8443 Always On
Groupwise_in Always On
Groupwise_out Always On
Barcodescanner_Lizenzserver Always On
HBCI_fuer_SFirm Always On
SRP BlackBerry Always On
RDP Always On
HTTPS zu DMZ Always On
WatchGuard Authentication Always On
WatchGuard Certificate Portal Always On
Apple APN Port 5223 Always On
Google C2DM Port 5228 Always On
ManageEngine Port 8020 Always On
ManageEngine Port 8027 Always On
ManageEnginePort8031 Always On
HTTP 8080 in Mobileiron Always On
WatchGuard Web UI Always On
ManageEnginePort8443 Always On
HTTPS Sentry Always On
Port8443 Always On
Port8443-ESRS Always On
Traveler-Sync_DMZ_zu_LAN Always On
Traveler-Sync_dmzWLAN_zuDMZ Always On
Traveler-Sync_WAN_zu_DMZ Always On
Port 9001 Always On
SMB-MobileIron-Fileserver Always On
Port9443-ESRS Always On
Port 9997 Mobileiron Always On
Port 9997 MobIron.WLAN Always On
NagiosClient Always On
Port 51543 Always On
Ping Always On
DNS Always On
DNS.1 Always On
NTP_DMZ Always On
NTP Always On
NTP_Extern Always On
Lotus-Notes_Retarus-Replik Always On
Lotus-Notes_DMZ_zu_LAN Always On
Lotus-Notes_LAN_zu_DMZ Always On
Lotus-Notes_WAN-zu_DMZ Always On
Aplle MDM Always On
Elster Always On
IPSec Always On
WatchGuard Always On
Barracuda VPN Always On
AlcatelTelefon Always On
SNMP-Trap Always On
DATA_Domain_REP_Port Always On
DellPerfomance Always On
SkypeBuisiness Always On
TEN-IT_VPN_DATA_DOMAIN.in Always On
Dakoso_Vpn.in Always On
Lobster_VPN.in Always On
SAP_VPN_Nagarro_.in Always On
BOVPN-Allow.in Always On

2-10 SNAT

SNAT
Name Type Description
9997 MobIron SNAT client sync traffic
Alarmserver SNAT
Exchange365 SNAT
HTTPS_Webmailer.1.snat SNAT
HTTP_TCOM_Webmailer.snat SNAT
HTTP_WAN_Webmailer.1.snat SNAT
Nat tcom Sentry SNAT
PRTG SNAT
SMTP-Retarus-Loadbalancing SLB IP Sprayer fuer SMTP
SMTP_in.1.snat SNAT
SMTP_in_Tcom.snat SNAT
http 8080 mobiron SNAT
https mobiron SNAT
https sentry SNAT
nat Tcom MobIron SNAT
nat auf domino03 SNAT

SNAT Details
9997 MobIron
Type Static NAT
Description client sync traffic
Any-External --> 192.168.200.20
Members Set Source IP: Disabled

Alarmserver
Type Static NAT
Description
80.156.231.138 --> 172.17.1.5
Members Set Source IP: Disabled

Exchange365
Type Static NAT
Description
80.156.231.138 --> 172.17.0.103
Members Set Source IP: Disabled

HTTPS_Webmailer.1.snat
Type Static NAT
Description
Any-External --> 192.168.200.15
Members Set Source IP: Disabled

HTTP_TCOM_Webmailer.snat
Type Static NAT
Description
80.156.231.140 --> 192.168.200.15
Members Set Source IP: Disabled

HTTP_WAN_Webmailer.1.snat
Type Static NAT
Description
Any-External --> 192.168.200.15
Members Set Source IP: Disabled

Nat tcom Sentry
Type Static NAT
Description
Any-External --> 192.168.200.21
Members Set Source IP: Disabled

PRTG
Type Static NAT
Description
80.156.231.138 --> :443
Members Set Source IP: Disabled

SMTP-Retarus-Loadbalancing
Type Server Load Balancing
Description IP Sprayer fuer SMTP
Method Least Connection
Enable sticky connection 8 hours
Members 80.156.231.138 --> 172.17.0.2 [1]
Set Source IP: Disabled
80.156.231.138 --> 172.17.0.43 [2]
Set Source IP: Disabled

SMTP_in.1.snat
Type Static NAT
Description
Any-External --> 172.17.0.2
Members Set Source IP: Disabled

SMTP_in_Tcom.snat
Type Static NAT
Description
80.156.231.138 --> 172.17.0.2
Members Set Source IP: Disabled

http 8080 mobiron
Type Static NAT
Description
Any-External --> 192.168.200.20
Members Set Source IP: Disabled

https mobiron
Type Static NAT
Description
Any-External --> 192.168.200.20
Members Set Source IP: Disabled

https sentry
Type Static NAT
Description
Any-External --> 192.168.200.21
Members Set Source IP: Disabled

nat Tcom MobIron
Type Static NAT
Description
80.156.231.141 --> 192.168.200.20
Members Set Source IP: Disabled

nat auf domino03
Type Static NAT
Description
80.156.231.138 --> 172.17.0.35
Members Set Source IP: Disabled

2-11 Default Packet Handling

Dangerous Activities
Drop Spoofing Attacks Enabled
Drop IP Source Route Enabled
Block Port Space Probes 10 dest Ports/src IP (threshold)
Block Address Space Probes 10 dest IPs/src IP (threshold)
Drop IPSEC Flood Attack 1500 packets/sec (threshold)
Drop IKE Flood Attack 1000 packets/sec (threshold)
Drop ICMP Flood Attack 1000 packets/sec (threshold)
Drop SYN Flood Attack 5000 packets/sec (threshold)
Drop UDP Flood Attack 1000 packets/sec (threshold)

Unhandled Packets
Auto-block source of packets not handled Disabled
Send an error message to clients whose connections are disabled Disabled

Distributed Denial-of-Service Prevention


Per Server Quota 100 connections per second
Per Client Quota 100 connections per second

2-12 Blocked Sites

Blocked Sites
Blocked Sites
Duration For Auto-Blocked Sites 20 minutes
Blocked Address Exception
download.websense.com
Description: Default exception for WebBlocker server database
*.dnswatch.watchguard.com
Description: Default exception for WatchGuard Services
*.strongarm.io
Description: Default exception for WatchGuard Services
54.174.40.213
Description: DNS Service
52.3.100.184
Description: DNS Service
54.199.61.196
Description: DNS Service
176.34.8.52
Description: DNS Service
34.240.115.208
Description: DNS Service
34.251.171.117
Description: DNS Service
13.237.104.38
Description: DNS Service
13.237.109.176
Description: DNS Service
52.215.192.68
Description: DNS Service
52.215.192.69
Description: DNS Service
54.173.101.99
Description: Black Hole
*.pandasecurity.com
Description: Default exception for Panda products and services
aether100proservicebus.servicebus.windows.net
Description: Default exception for Panda products and services
aether100pronotification.table.core.windows.net
Description: Default exception for Panda products and services
content.ivanti.com
Description: Default exception for Panda products and services
*.globalsign.net
Description: Default exception for Panda products and services
*.globalsign.com
Description: Default exception for Panda products and services
*.digicert.com
Description: Default exception for Panda products and services
*.ctmail.com
Description: Default exception for Panda products and services

2-13 Blocked Ports

Blocked Ports
Blocked Ports
Automatically block sites that try to use blocked ports Disabled
Blocked Ports
1
111
513
514
2049
6000
6001
6002
6003
6004
6005
7100
8000

2-14 Quotas
Disabled

3. Subscription Services

3-1 Application Control

Application Control Policies


Application Control Summary
Policy Name Application Control Action
VPN-iPhoneDNS None
Tunnel-MFA-AlcatelTelefon Global
Tunnel-AlcatelTelefon.1 None
VPN-DiehlES-Any None
VPN-DiehlK-Any None
VPN-Extern-MFA-Any None
Bechtle-IPSEC-Any None
BEOS-IPSEC-Any Global
VPN-iPhone-Any None
VPN-Benutzer-Any None
Olschewski-Any None
Service-Partner-Any None
VPN-Bilgram-Any None
Tunnel-RDP None
Tunnel-DNS Global
Tunnel-DHCP-Server Global
Tunnel-AlcatelTelefon Global
Tunnel-Https-SW-Netz Global
Tunnel-Addison-Ports Global
Tunnel-SSH Global
Tunnel-Tunnel Domino01 Port Global
Tunnel-OPAL_Lizens_Port.1 Global
VPN-Benutzer-MFA-Any Global
Tunnel-MFA-RDP.1 Global
Tunnel-MFA-DNS Global
Tunnel-MFA-DHCP-Server Global
Tunnel-MFA-Addison-Ports Global
Tunnel-MFA-SSH Global
Tunnel-OPAL_Lizens_Port Global
SSH.2 None
SSH.1 None
TFTP.1 None
SNMP.2 None
SNMP None
SNMP.1 None
NTP.1 None
Exchange365 Global
Access None
Access.1 None
BOVPN-Allow.out None
Dakoso_Vpn.out None
Lobster_VPN.out None
SAP_VPN_Nagarro_.out None
TEN-IT_VPN_DATA_DOMAIN.out None
Any_fuer_PC131-10_PC061_PC151 None
Innerhalb SuS alles frei None
Any_fuer_GLG None
Any_On_Way_Labor None
Ports_Data_Domain_Rep None
FTP None
SFTP Global
SSH_zum_Finanzamt None
SFTP zu Eckardt None
SFTP zu Dakosy None
SSH None
SSH zu DMZ None
SSH-8443 DELL None
SSH DELL Compellent None
Barcodescanner_Telnet None
CMN-DO02 None
Alarm-Server Port None
SMTP-in-proxy None
SMTP-Ferarri-Fax None
SMTP_in None
SMTP_DMZ_zu_LAN None
SMTP-out-proxy None
SMTP_Out None
SMTP_dmzWLAN None
DHCP-Server None
TFTP None
WatchGuard AcssesPortal SSLVPN Global
Luja_PNA_Ports None
HTTP_DMZ_LAN None
HTTP_zu_DMZ None
HTTP in T Webmailer None
HTTP_dmzWLAN_intranet None
HTTP-proxy.GLG None
HTTP-Kiosk_zu_Intranet None
HTTP-proxy-Wachter None
HTTP-proxy-KIOSKPC None
HTTP-proxy None
HTTP-Deny None
POP3_dmzWLAN None
IMAP_dmzWLAN None
SNMP-von DESSBLX022 None
Z39-50_SciFinder None
DMZ-AD-Anbindung Global
LDAP fuer DMZ None
Helpdesk-Port Global
HTTPS-in-140-DMZ None
HTTPS-proxy-AV.Webmailer None
HTTPS in T Webmailer None
HTTPS-in-141-DMZ None
HTTPS in Mobileiron None
HTTPS Sentry in None
HTTPS mobileiron.com Global
HTTPS-proxy_GLG None
HTTPS-DMZ-LAN None
HTTPS_dmzWLAN None
HTTPS_ESRS None
HTTPS-proxy.Wachter None
HTTPS-proxy-KIOSKPC None
HTTPS-proxy None
HTTPS_ESX_SC_Support_Assistent None
CWS Repair APP Port 2403 None
HTTPS-Deny None
SMTP-SSL_dmzWLAN None
IMAP-SSL_dmzWLAN None
OpenVPN Port 1194 None
Gast-Wlan-Port 8443 Global
Groupwise_in None
Groupwise_out None
Barcodescanner_Lizenzserver None
HBCI_fuer_SFirm None
SRP BlackBerry Global
RDP None
HTTPS zu DMZ None
WatchGuard Authentication None
WatchGuard Certificate Portal None
Apple APN Port 5223 None
Google C2DM Port 5228 None
ManageEngine Port 8020 None
ManageEngine Port 8027 None
ManageEnginePort8031 None
HTTP 8080 in Mobileiron None
WatchGuard Web UI None
ManageEnginePort8443 None
HTTPS Sentry None
Port8443 None
Port8443-ESRS None
Traveler-Sync_DMZ_zu_LAN Global
Traveler-Sync_dmzWLAN_zuDMZ None
Traveler-Sync_WAN_zu_DMZ None
Port 9001 None
SMB-MobileIron-Fileserver None
Port9443-ESRS None
Port 9997 Mobileiron None
Port 9997 MobIron.WLAN None
NagiosClient None
Port 51543 None
Ping None
DNS None
DNS.1 None
NTP_DMZ None
NTP None
NTP_Extern None
Lotus-Notes_Retarus-Replik None
Lotus-Notes_DMZ_zu_LAN None
Lotus-Notes_LAN_zu_DMZ None
Lotus-Notes_WAN-zu_DMZ None
Aplle MDM None
Elster None
IPSec None
WatchGuard None
Barracuda VPN None
AlcatelTelefon None
SNMP-Trap Global
DATA_Domain_REP_Port None
DellPerfomance None
SkypeBuisiness None
TEN-IT_VPN_DATA_DOMAIN.in None
Dakoso_Vpn.in None
Lobster_VPN.in None
SAP_VPN_Nagarro_.in None
BOVPN-Allow.in None

Application Control Actions


Global has no allowed or blocked categories.

3-2 WebBlocker

WebBlocker Servers
Disabled
WebBlocker Global Exceptions
Status Action Name Match Type Value Certificate Alarm Log
Enabled Allow WatchGuard Regular Expression ^[0-9a-zA-Z_\-.]{1,256}\.watchguard\.com/ N/A Disabled Disabled
Enabled Allow Panda Security Pattern *.pandasecurity.com/* N/A Disabled Enabled
Enabled Allow Panda Security (Services) Pattern aether100proservicebus.servicebus.windows.net/* N/A Disabled Enabled
Enabled Allow Panda Security (Notifications) Pattern aether100pronotification.table.core.windows.net/* N/A Disabled Enabled
Enabled Allow Panda Security (Path Management) Pattern content.ivanti.com/* N/A Disabled Enabled
Enabled Allow globalsign.net Pattern *.globalsign.net/* N/A Disabled Enabled
Enabled Allow globalsign.com Pattern *.globalsign.com/* N/A Disabled Enabled
Enabled Allow digicert.com Pattern *.digicert.com/* N/A Disabled Enabled
Enabled Allow ctmail.com Pattern *.ctmail.com/* N/A Disabled Enabled
Action to take if no rule above is matched
Certificate N/A
Alarm Disabled
Log Disabled

WebBlocker Actions
WebBlocker Actions
WebBlocker.5
WebBlocker.6 (not used)
WebBlocker.KIOSKPC
WebBlocker.MUK

WebBlocker Action
WebBlocker Action WebBlocker.5
WebBlocker Server Webblocker Cloud
Deny Categories
Adult Content
Adult Material
Advanced Malware Command and Control
Bot Networks
Compromised Websites
Dynamic DNS
Elevated Exposure
Emerging Exploits
Extended Protection
Gambling
Games
Gay or Lesbian or Bisexual Interest
Illegal or Questionable
Instant Messaging
Keyloggers
Malicious Embedded Link
Malicious Embedded iFrame
Malicious Web Sites
Mobile Malware
Nudity
Pay-to-Surf
Peer-to-Peer File Sharing
Personals and Dating
Phishing and Other Frauds
Potentially Unwanted Software
Proxy Avoidance
Security
Sex
Sex Education
Social Web - Facebook
Social Web - Twitter
Spyware
Streaming Media
Suspicious Content
Suspicious Embedded Link
Tasteless
Unauthorized Mobile Marketplaces
Violence
Web Chat
Website Translation
Warn Categories No Category Selected
Default Action Allow
WebBlocker Exceptions
name: WatchGuard
pattern: *.watchguard.com/*
allow
log: false

name: WB Rule 1
pattern: *babelfish.altavista.com*/*
allow
log: false

name: WB Rule 2
pattern: *Kirche-im-SWR.de/*
allow
log: false

name: WB Rule 3
pattern: *.lotto*.de/*
allow
log: false

name: WB Rule 4
pattern: *.dereferer.org/*
allow
log: false

name: WB Rule 5
pattern: *.healthmegamall.com/*
allow
log: false

name: WB Rule 6
pattern: chemreg-border.epa.gov.tw/*
allow
log: false

name: EMC
pattern: *.emc.com/*
allow
log: false

name: Contibridge
pattern: *.contibridge.*/*
allow
log: false

name: linkedin
pattern: *.linkedin.*/*
allow
log: false

name: daserste
pattern: *.daserste.*/*
allow
log: false

name: Whatsapp
pattern: *.whatsapp.net/*
allow
log: false

name: ak-argus luja
pattern: *.ak-argus.*/*
allow
log: false

name: vca-savethedate-nutcracker2018-b
pattern: *.vca-savethedate-nutcracker2018.com*/*
allow
log: false

name: vca-savethedate-nutcracker2018
pattern: *.vca-savethedate-nutcracker2018.*/*
allow
log: false

name: Skype win10 app
pattern: *.messenger.live.com/*
allow
log: false

name: onetoone.de
pattern: *.onetoone.de/*
allow
log: false

name: onetoone.de2
pattern: onetoone.de/*
allow
log: false

name: Vimeo1
pattern: *.vimeo.*/*
allow
log: false

name: Vimeo2
pattern: vimeo.*/*
allow
log: false

name: Vimeo3
pattern: *.vimeo*.*/*
allow
log: false

name: gotomeeting
pattern: *.transcripts.gotomeeting.com/*
allow
log: false

name: gotomeeting2
pattern: ssl.p.jwpcdn.com/*
allow
log: false

name: leatherbiz
pattern: leatherbiz.*/*
allow
log: false

name: MobileIron
pattern: *.mobileiron.com/*
allow
log: false

name: Apple
pattern: *.apple.com/*
allow
log: false

name: retarus protection
pattern: *.retarus.*/*
allow
log: false

name: analytik
pattern: *.analytik.de/*
allow
log: true

name: bigmarker
pattern: *.bigmarker.*/*
allow
log: false

name: ssh zugriff dell
pattern: *.sshdisp.g3.ph.dell.*/*
allow
log: true

name: streamlock
pattern: *.streamlock.*/*
allow
log: true

name: http://intertek-cdn.s3.amazonaws.com/
pattern: *.intertek-cdn.s3.amazonaws.com/*
allow
log: true

name: .tawk.to
pattern: *.tawk.to/*
allow
log: false

name: exammi.de
pattern: .exammi.*/*
allow
log: false

name: edudip.com
pattern: *.edudip.*/*
allow
log: true
alarm: WebBlocker.5-ph

name: Outlook
pattern: *.protection.outlook.com/*
allow
log: true
alarm: WebBlocker.5-ph

name: Mail.outlook
pattern: */*.mail.protection.outlook.com/*
allow
log: true
alarm: WebBlocker.5-ph

name: onMicrosoft
pattern: autodiscover.schillseilacher0365.onmicrosoft.com/*
allow
log: true
alarm: WebBlocker.5-ph

name: Kühl handy cws
pattern: 20.23.15.31/*
allow
log: true
alarm: WebBlocker.5-ph

name: dacoso-portal.atlassian.net
pattern: *.dacoso-portal.atlassian.net/*
allow
log: true

name: fbi.de
pattern: *.fbi.de/*
allow
log: false

name: store.steampowered.com
pattern: *.steampowered.*/*
allow
log: false

Default:
- if no match, use category list to determine
accessibility

WebBlocker Action WebBlocker.KIOSKPC
WebBlocker Server Webblocker Cloud
Deny Categories
Abortion
Abused Drugs
Adult Content
Adult Material
Advanced Malware Command and Control
Advertisements
Advocacy Groups
Alcohol and Tobacco
Alternative Journals
Application and Software Download
Bandwidth
Blogs and Personal Sites
Bot Networks
Business and Economy
Collaboration - Office
Compromised Websites
Computer Security
Content Delivery Networks
Cultural Institutions
Drugs
Dynamic Content
Dynamic DNS
Education
Educational Institutions
Educational Materials
Educational Video
Elevated Exposure
Emerging Exploits
Entertainment
Entertainment Video
Extended Protection
File Download Servers
Financial Data and Services
Gambling
Games
Gay or Lesbian or Bisexual Interest
General Email
Government
Hacking
Health
Hobbies
Hosted Business Applications
Illegal or Questionable
Information Technology
Instant Messaging
Internet Auctions
Internet Communication
Internet Radio and TV
Internet Telephony
Intolerance
Job Search
Keyloggers
Lingerie and Swimsuit
Malicious Embedded Link
Malicious Embedded iFrame
Malicious Web Sites
Marijuana
Media File Download
Message Boards and Forums
Militancy and Extremist
Military
Miscellaneous
Mobile Malware
Network Errors
Newly Registered Websites
News and Media
Non-Traditional Religions
Nudity
Nutrition
Online Brokerage and Trading
Organizational Email
Parked Domain
Pay-to-Surf
Peer-to-Peer File Sharing
Personal Network Storage and Backup
Personals and Dating
Phishing and Other Frauds
Political Organizations
Potentially Unwanted Software
Prescribed Medications
Private IP Addresses
Pro-Choice
Pro-Life
Productivity
Professional and Worker Organizations
Proxy Avoidance
Real Estate
Reference Materials
Religion
Restaurants and Dining
Search Engines and Portals
Security
Service and Philanthropic Organizations
Sex
Sex Education
Shopping
Social Networking
Social Organizations
Social Web - Facebook
Social Web - LinkedIn
Social Web - Twitter
Social Web - YouTube
Social and Affiliation Organizations
Society and Lifestyles
Special Events
Sport Hunting and Gun Clubs
Sports
Spyware
Streaming Media
Surveillance
Suspicious Content
Suspicious Embedded Link
Tasteless
Text and Media Messaging
Traditional Religions
Travel
Unauthorized Mobile Marketplaces
Vehicles
Violence
Viral Video
Weapons
Web Analytics
Web Chat
Web Collaboration
Web Hosting
Web Images
Web Infrastructure
Web and Email Marketing
Web and Email Spam
Website Translation
Warn Categories No Category Selected
Default Action Allow
WebBlocker Exceptions
name: WatchGuard
pattern: *.watchguard.com/*
allow
log: false

name: SAM-Secova
pattern: *.secova.*/*
allow
log: false

Default:
- if no match, use category list to determine
accessibility

WebBlocker Action WebBlocker.MUK
WebBlocker Server Webblocker Cloud
Deny Categories
Adult Content
Adult Material
Advanced Malware Command and Control
Bot Networks
Compromised Websites
Dynamic DNS
Elevated Exposure
Emerging Exploits
Extended Protection
Gambling
Games
Gay or Lesbian or Bisexual Interest
Illegal or Questionable
Instant Messaging
Keyloggers
Malicious Embedded Link
Malicious Embedded iFrame
Malicious Web Sites
Mobile Malware
Nudity
Pay-to-Surf
Peer-to-Peer File Sharing
Personals and Dating
Phishing and Other Frauds
Potentially Unwanted Software
Proxy Avoidance
Security
Sex
Sex Education
Spyware
Streaming Media
Suspicious Content
Suspicious Embedded Link
Tasteless
Unauthorized Mobile Marketplaces
Violence
Web Chat
Website Translation
Warn Categories No Category Selected
Default Action Allow
WebBlocker Exceptions
name: WatchGuard
pattern: *.watchguard.com/*
allow
log: false

name: WB Rule 1
pattern: *babelfish.altavista.com*/*
allow
log: false

name: WB Rule 2
pattern: *Kirche-im-SWR.de/*
allow
log: false

name: WB Rule 3
pattern: *.lotto*.de/*
allow
log: false

name: WB Rule 4
pattern: *.dereferer.org/*
allow
log: false

name: WB Rule 5
pattern: *.healthmegamall.com/*
allow
log: false

name: WB Rule 6
pattern: chemreg-border.epa.gov.tw/*
allow
log: false

name: EMC
pattern: *.emc.com/*
allow
log: false

name: Contibridge
pattern: *.contibridge.*/*
allow
log: false

name: linkedin
pattern: *.linkedin.*/*
allow
log: false

name: daserste
pattern: *.daserste.*/*
allow
log: false

name: Whatsapp
pattern: *.whatsapp.net/*
allow
log: false

name: ak-argus luja
pattern: *.ak-argus.*/*
allow
log: false

name: vca-savethedate-nutcracker2018-b
pattern: *.vca-savethedate-nutcracker2018.com*/*
allow
log: false

name: vca-savethedate-nutcracker2018
pattern: *.vca-savethedate-nutcracker2018.*/*
allow
log: false

name: Skype win10 app
pattern: *.messenger.live.com/*
allow
log: false

name: onetoone.de
pattern: *.onetoone.de/*
allow
log: false

name: onetoone.de2
pattern: onetoone.de/*
allow
log: false

name: Vimeo1
pattern: *.vimeo.*/*
allow
log: false

name: Vimeo2
pattern: vimeo.*/*
allow
log: false

name: Vimeo3
pattern: *.vimeo*.*/*
allow
log: false

name: gotomeeting
pattern: *.transcripts.gotomeeting.com/*
allow
log: false

name: gotomeeting2
pattern: ssl.p.jwpcdn.com/*
allow
log: false

name: leatherbiz
pattern: leatherbiz.*/*
allow
log: false

name: MobileIron
pattern: *.mobileiron.com/*
allow
log: false

name: Apple
pattern: *.apple.com/*
allow
log: false

name: retarus protection
pattern: *.retarus.*/*
allow
log: false

name: analytik
pattern: *.analytik.de/*
allow
log: true

name: bigmarker
pattern: *.bigmarker.*/*
allow
log: false

name: ssh zugriff dell
pattern: *.sshdisp.g3.ph.dell.*/*
allow
log: true

name: streamlock
pattern: *.streamlock.*/*
allow
log: true

name: http://intertek-cdn.s3.amazonaws.com/
pattern: *.intertek-cdn.s3.amazonaws.com/*
allow
log: true

name: .tawk.to
pattern: *.tawk.to/*
allow
log: false

name: exammi.de
pattern: .exammi.*/*
allow
log: false

name: edudip.com
pattern: *.edudip.*/*
allow
log: true

Default:
- if no match, use category list to determine
accessibility

3-3 spamBlocker

spamBlocker
Maximum file size to scan 100 KB
General Settings
Server region ANY
Contact the spamBlocker server using an HTTP proxy server Disabled
Server address
Server port 8080
HTTP Proxy Server
Server authentication No Authentication
User domain None
User Name None

3-4 Gateway AV

Gateway AntiVirus Actions


Policy Name Service Type GAV
HTTP-Client.1 None HTTP Enabled
HTTP-Client.KIOSKPC HTTP-proxy HTTP Enabled
HTTP-Client.Standard.1 HTTP-proxy HTTP Enabled
HTTP-Client.Wachter HTTP-proxy HTTP Enabled
HTTP-Client_GLG HTTP-proxy HTTP Enabled
SMTP-Incoming.SuS SMTP-proxy SMTP Enabled

Gateway AntiVirus / HTTP-Client.1


Drop
When a virus is detected Alarm [Disabled]
Log [Enabled]
Allow
When a scan error occurs Alarm [Disabled]
Log [Enabled]
Gateway AntiVirus Configuration
When content exceeds scan size limit Alarm [Disabled]
Log [Disabled]
Allow
When content is encrypted Alarm [Disabled]
Log [Enabled]
File Scan Limit scanning to first 1024 kilobytes

Gateway AntiVirus / HTTP-Client.KIOSKPC


Drop
When a virus is detected Alarm [Disabled]
Log [Enabled]
Allow
When a scan error occurs Alarm [Disabled]
Log [Enabled]
Gateway AntiVirus Configuration
When content exceeds scan size limit Alarm [Disabled]
Log [Disabled]
Allow
When content is encrypted Alarm [Disabled]
Log [Enabled]
File Scan Limit scanning to first 10240 kilobytes

Gateway AntiVirus / HTTP-Client.Standard.1


Drop
When a virus is detected Alarm [Disabled]
Log [Enabled]
Allow
When a scan error occurs Alarm [Disabled]
Log [Enabled]
Gateway AntiVirus Configuration
When content exceeds scan size limit Alarm [Disabled]
Log [Disabled]
Allow
When content is encrypted Alarm [Disabled]
Log [Enabled]
File Scan Limit scanning to first 10240 kilobytes

Gateway AntiVirus / HTTP-Client.Wachter


Drop
When a virus is detected Alarm [Disabled]
Log [Enabled]
Allow
When a scan error occurs Alarm [Disabled]
Log [Enabled]
Gateway AntiVirus Configuration
When content exceeds scan size limit Alarm [Disabled]
Log [Disabled]
Allow
When content is encrypted Alarm [Disabled]
Log [Enabled]
File Scan Limit scanning to first 10240 kilobytes

Gateway AntiVirus / HTTP-Client_GLG


Drop
When a virus is detected Alarm [Disabled]
Log [Enabled]
Allow
When a scan error occurs Alarm [Disabled]
Log [Enabled]
Gateway AntiVirus Configuration
When content exceeds scan size limit Alarm [Disabled]
Log [Disabled]
Allow
When content is encrypted Alarm [Disabled]
Log [Enabled]
File Scan Limit scanning to first 1024 kilobytes

Gateway AntiVirus / SMTP-Incoming.SuS


Remove
When a virus is detected Alarm [Disabled]
Log [Enabled]
Lock
When a scan error occurs Alarm [Disabled]
Log [Enabled]
Gateway AntiVirus Configuration
When content exceeds scan size limit Alarm [Disabled]
Log [Disabled]
Allow
When content is encrypted Alarm [Disabled]
Log [Enabled]
File Scan Limit scanning to first 1024 kilobytes

Gateway AntiVirus / Settings


Automatic Update Interval 6 hours
Intrusion Prevention and Application Control Signatures Enabled
Gateway AntiVirus Signatures Enabled
IntelligentAV Updates Disabled
Data Loss Prevention Signatures Enabled
Update server URL https://services.watchguard.com
HTTP Proxy Server Connect to Update Server using an HTTP proxy server Disabled

3-5 IntelligentAV
Disabled

3-6 Geolocation Blocking

Geolocation Blocking Policies


Geolocation Blocking Summary
Policy Name Geolocation Blocking Action
SSH.2 Global
SSH.1 Global
TFTP.1 Global
SNMP.2 Global
SNMP Global
SNMP.1 Global
NTP.1 Global
Exchange365 Global
Access Global
Access.1 Global
BOVPN-Allow.out Global
Dakoso_Vpn.out Global
Lobster_VPN.out Global
SAP_VPN_Nagarro_.out Global
TEN-IT_VPN_DATA_DOMAIN.out Global
Any_fuer_PC131-10_PC061_PC151 None
Innerhalb SuS alles frei Global
Any_fuer_GLG Global
Any_On_Way_Labor Global
Ports_Data_Domain_Rep Global
FTP Global
SFTP Global
SSH_zum_Finanzamt Global
SFTP zu Eckardt Global
SFTP zu Dakosy None
SSH None
SSH zu DMZ Global
SSH-8443 DELL Global
SSH DELL Compellent Global
Barcodescanner_Telnet Global
CMN-DO02 Global
Alarm-Server Port Global
SMTP-in-proxy Global
SMTP-Ferarri-Fax Global
SMTP_in None
SMTP_DMZ_zu_LAN Global
SMTP-out-proxy Global
SMTP_Out Global
SMTP_dmzWLAN Global
DHCP-Server Global
TFTP Global
WatchGuard AcssesPortal SSLVPN Global
Luja_PNA_Ports Global
HTTP_DMZ_LAN Global
HTTP_zu_DMZ Global
HTTP in T Webmailer Global
HTTP_dmzWLAN_intranet Global
HTTP-proxy.GLG Global
HTTP-Kiosk_zu_Intranet Global
HTTP-proxy-Wachter Global
HTTP-proxy-KIOSKPC Global
HTTP-proxy None
HTTP-Deny Global
POP3_dmzWLAN Global
IMAP_dmzWLAN Global
SNMP-von DESSBLX022 Global
Z39-50_SciFinder Global
DMZ-AD-Anbindung Global
LDAP fuer DMZ Global
Helpdesk-Port Global
HTTPS-in-140-DMZ None
HTTPS-proxy-AV.Webmailer Global
HTTPS in T Webmailer Global
HTTPS-in-141-DMZ None
HTTPS in Mobileiron Global
HTTPS Sentry in Global
HTTPS mobileiron.com Global
HTTPS-proxy_GLG Global
HTTPS-DMZ-LAN Global
HTTPS_dmzWLAN Global
HTTPS_ESRS Global
HTTPS-proxy.Wachter Global
HTTPS-proxy-KIOSKPC Global
HTTPS-proxy None
HTTPS_ESX_SC_Support_Assistent Global
CWS Repair APP Port 2403 Global
HTTPS-Deny Global
SMTP-SSL_dmzWLAN Global
IMAP-SSL_dmzWLAN Global
OpenVPN Port 1194 Global
Gast-Wlan-Port 8443 Global
Groupwise_in Global
Groupwise_out Global
Barcodescanner_Lizenzserver Global
HBCI_fuer_SFirm Global
SRP BlackBerry Global
RDP Global
HTTPS zu DMZ Global
WatchGuard Authentication Global
WatchGuard Certificate Portal Global
Apple APN Port 5223 Global
Google C2DM Port 5228 Global
ManageEngine Port 8020 Global
ManageEngine Port 8027 Global
ManageEnginePort8031 Global
HTTP 8080 in Mobileiron Global
WatchGuard Web UI Global
ManageEnginePort8443 Global
HTTPS Sentry Global
Port8443 Global
Port8443-ESRS Global
Traveler-Sync_DMZ_zu_LAN Global
Traveler-Sync_dmzWLAN_zuDMZ Global
Traveler-Sync_WAN_zu_DMZ Global
Port 9001 Global
SMB-MobileIron-Fileserver Global
Port9443-ESRS Global
Port 9997 Mobileiron Global
Port 9997 MobIron.WLAN Global
NagiosClient Global
Port 51543 Global
Ping Global
DNS Global
DNS.1 Global
NTP_DMZ Global
NTP Global
NTP_Extern Global
Lotus-Notes_Retarus-Replik Global
Lotus-Notes_DMZ_zu_LAN None
Lotus-Notes_LAN_zu_DMZ Global
Lotus-Notes_WAN-zu_DMZ Global
Aplle MDM Global
Elster Global
IPSec Global
WatchGuard Global
Barracuda VPN Global
AlcatelTelefon None
SNMP-Trap Global
DATA_Domain_REP_Port Global
DellPerfomance None
SkypeBuisiness None
TEN-IT_VPN_DATA_DOMAIN.in Global
Dakoso_Vpn.in Global
Lobster_VPN.in Global
SAP_VPN_Nagarro_.in Global
BOVPN-Allow.in Global

Geolocation Blocking
Global
Africa
Antarctica
Asia
Europe
North America
Oceania
South America

3-7 IPS

Scan Mode
Full Scan Fast Scan

Threat Actions
Threat Level Action Alarm Log
Critical Block Enabled Enabled
High Block Enabled Enabled
Medium Block Enabled Enabled
Low Allow Enabled Enabled
Info Allow Disabled Disabled

Intrusion Prevention Service Policies


Policy Name IPS
VPN-iPhoneDNS Enabled
Tunnel-MFA-AlcatelTelefon Enabled
Tunnel-AlcatelTelefon.1 Enabled
VPN-DiehlES-Any Enabled
VPN-DiehlK-Any Enabled
VPN-Extern-MFA-Any Enabled
Bechtle-IPSEC-Any Enabled
BEOS-IPSEC-Any Enabled
VPN-iPhone-Any Enabled
VPN-Benutzer-Any Disabled
Olschewski-Any Disabled
Service-Partner-Any Disabled
VPN-Bilgram-Any Enabled
Tunnel-RDP Enabled
Tunnel-DNS Enabled
Tunnel-DHCP-Server Enabled
Tunnel-AlcatelTelefon Enabled
Tunnel-Https-SW-Netz Enabled
Tunnel-Addison-Ports Enabled
Tunnel-SSH Enabled
Tunnel-Tunnel Domino01 Port Enabled
Tunnel-OPAL_Lizens_Port.1 Enabled
VPN-Benutzer-MFA-Any Enabled
Tunnel-MFA-RDP.1 Enabled
Tunnel-MFA-DNS Enabled
Tunnel-MFA-DHCP-Server Enabled
Tunnel-MFA-Addison-Ports Enabled
Tunnel-MFA-SSH Enabled
Tunnel-OPAL_Lizens_Port Enabled
SSH.2 Enabled
SSH.1 Enabled
TFTP.1 Enabled
SNMP.2 Enabled
SNMP Disabled
SNMP.1 Enabled
NTP.1 Enabled
Exchange365 Enabled
Access Enabled
Access.1 Enabled
BOVPN-Allow.out Enabled
Dakoso_Vpn.out Enabled
Lobster_VPN.out Enabled
SAP_VPN_Nagarro_.out Enabled
TEN-IT_VPN_DATA_DOMAIN.out Enabled
Any_fuer_PC131-10_PC061_PC151 Enabled
Innerhalb SuS alles frei Enabled
Any_fuer_GLG Enabled
Any_On_Way_Labor Enabled
Ports_Data_Domain_Rep Enabled
FTP Enabled
SFTP Enabled
SSH_zum_Finanzamt Enabled
SFTP zu Eckardt Enabled
SFTP zu Dakosy Enabled
SSH Disabled
SSH zu DMZ Enabled
SSH-8443 DELL Enabled
SSH DELL Compellent Enabled
Barcodescanner_Telnet Enabled
CMN-DO02 Enabled
Alarm-Server Port Enabled
SMTP-in-proxy Disabled
SMTP-Ferarri-Fax Enabled
SMTP_in Disabled
SMTP_DMZ_zu_LAN Disabled
SMTP-out-proxy Disabled
SMTP_Out Disabled
SMTP_dmzWLAN Disabled
DHCP-Server Disabled
TFTP Disabled
WatchGuard AcssesPortal SSLVPN Enabled
Luja_PNA_Ports Enabled
HTTP_DMZ_LAN Enabled
HTTP_zu_DMZ Enabled
HTTP in T Webmailer Enabled
HTTP_dmzWLAN_intranet Enabled
HTTP-proxy.GLG Enabled
HTTP-Kiosk_zu_Intranet Enabled
HTTP-proxy-Wachter Enabled
HTTP-proxy-KIOSKPC Enabled
HTTP-proxy Enabled
HTTP-Deny Enabled
POP3_dmzWLAN Enabled
IMAP_dmzWLAN Enabled
SNMP-von DESSBLX022 Disabled
Z39-50_SciFinder Enabled
DMZ-AD-Anbindung Enabled
LDAP fuer DMZ Enabled
Helpdesk-Port Enabled
HTTPS-in-140-DMZ Enabled
HTTPS-proxy-AV.Webmailer Enabled
HTTPS in T Webmailer Enabled
HTTPS-in-141-DMZ Enabled
HTTPS in Mobileiron Enabled
HTTPS Sentry in Enabled
HTTPS mobileiron.com Enabled
HTTPS-proxy_GLG Enabled
HTTPS-DMZ-LAN Enabled
HTTPS_dmzWLAN Enabled
HTTPS_ESRS Enabled
HTTPS-proxy.Wachter Enabled
HTTPS-proxy-KIOSKPC Enabled
HTTPS-proxy Enabled
HTTPS_ESX_SC_Support_Assistent Enabled
CWS Repair APP Port 2403 Enabled
HTTPS-Deny Enabled
SMTP-SSL_dmzWLAN Disabled
IMAP-SSL_dmzWLAN Enabled
OpenVPN Port 1194 Enabled
Gast-Wlan-Port 8443 Enabled
Groupwise_in Enabled
Groupwise_out Enabled
Barcodescanner_Lizenzserver Enabled
HBCI_fuer_SFirm Enabled
SRP BlackBerry Enabled
RDP Enabled
HTTPS zu DMZ Enabled
WatchGuard Authentication Enabled
WatchGuard Certificate Portal Enabled
Apple APN Port 5223 Enabled
Google C2DM Port 5228 Enabled
ManageEngine Port 8020 Enabled
ManageEngine Port 8027 Enabled
ManageEnginePort8031 Enabled
HTTP 8080 in Mobileiron Enabled
WatchGuard Web UI Enabled
ManageEnginePort8443 Enabled
HTTPS Sentry Enabled
Port8443 Enabled
Port8443-ESRS Enabled
Traveler-Sync_DMZ_zu_LAN Enabled
Traveler-Sync_dmzWLAN_zuDMZ Enabled
Traveler-Sync_WAN_zu_DMZ Enabled
Port 9001 Enabled
SMB-MobileIron-Fileserver Enabled
Port9443-ESRS Enabled
Port 9997 Mobileiron Enabled
Port 9997 MobIron.WLAN Enabled
NagiosClient Enabled
Port 51543 Enabled
Ping Enabled
DNS Enabled
DNS.1 Enabled
NTP_DMZ Enabled
NTP Enabled
NTP_Extern Enabled
Lotus-Notes_Retarus-Replik Disabled
Lotus-Notes_DMZ_zu_LAN Disabled
Lotus-Notes_LAN_zu_DMZ Disabled
Lotus-Notes_WAN-zu_DMZ Disabled
Aplle MDM Enabled
Elster Enabled
IPSec Enabled
WatchGuard Enabled
Barracuda VPN Enabled
AlcatelTelefon Disabled
SNMP-Trap Disabled
DATA_Domain_REP_Port Enabled
DellPerfomance Disabled
SkypeBuisiness Enabled
TEN-IT_VPN_DATA_DOMAIN.in Enabled
Dakoso_Vpn.in Enabled
Lobster_VPN.in Enabled
SAP_VPN_Nagarro_.in Enabled
BOVPN-Allow.in Enabled

Send Notification
Send Notification
Send SNMP trap Disabled
Send notification Disabled

3-8 Quarantine Server

Quarantine Server
IP Address 172.17.0.96
Port 4120

3-9 Reputation Enabled Defense

Reputation Enabled Defense Actions


Action Type Status
HTTP-Client HTTP Disabled
HTTP-Server HTTP Disabled
HTTP-Client.Standard HTTP Disabled
HTTP-Server.Standard HTTP Disabled
Explicit-Web.Standard Explicit Disabled
HTTP-Content.Standard HTTP Disabled
HTTP-Client.1 HTTP Disabled
HTTP-Client.KIOSKPC HTTP Enabled
HTTP-Client.Wachter HTTP Enabled
HTTP-Client_GLG HTTP Disabled
HTTP-Virusscan HTTP Disabled

Details
HTTP-Client.KIOSKPC
Immediately block URLs that have a bad reputation Enabled
Log: Disabled
Alarm: Disabled
Bypass any configured virus scanning for URLs that have a good reputation Disabled
Log: Disabled
Alarm: Disabled
Bad reputation threshold 90
Good reputation threshold 10

HTTP-Client.Wachter
Immediately block URLs that have a bad reputation Enabled
Log: Disabled
Alarm: Disabled
Bypass any configured virus scanning for URLs that have a good reputation Disabled
Log: Disabled
Alarm: Disabled
Bad reputation threshold 90
Good reputation threshold 10

3-10 Botnet Detection

Botnet Detection
Enable traffic from suspected botnet sites Enabled

Update Server
Automatic Signature Update
Enable automatic update Enabled
Update server URL https://services.watchguard.com

HTTP Proxy Server


Connect to Update Server using an HTTP proxy server Disabled

3-11 Data Loss Prevention


Disabled

3-12 APT Blocker

Threat Actions
Threat Level Action Alarm Log
High Drop Disabled Enabled
Medium Drop Disabled Enabled
Low Drop Disabled Enabled

APT Blocker Policies


Policy Name Proxy Type APT
SMTP-in-proxy SMTP Enabled
HTTP Enabled
HTTP-proxy-KIOSKPC HTTP Enabled
HTTP-proxy HTTP Enabled
HTTP-proxy-Wachter HTTP Enabled
HTTP-proxy.GLG HTTP Enabled

Advanced
Local Server
Send APT Blocker requests to a local on-premise server Disabled


HTTP Proxy
Connect to the APT Blocker server with an HTTP proxy server Disabled

Send Notification
Send Notification
Send SNMP trap Disabled
Send notification Email
Launch interval 15 minutes
Repeat count 10

3-13 Threat Detection


Disabled

3-14 Mobile Security


Disabled

3-15 Network Discovery


Disabled

3-16 Access Portal


Disabled

3-17 File Exception


Disabled

4. Authentication

4-1 Hotspot
Disabled

4-2 Servers

Firebox Authentication Server


Firebox Users
Enable case-sensitivity for Firebox-DB user names Enabled
Minimum passphrase length 8
Account Lockout
Enable account lockout Disabled

Authentication Servers
Name Type Primary Backup
Firebox-DB Firebox-DB
AuthPoint
schillseilacher.de RADIUS 172.17.0.157 0.0.0.0
LDAP LDAP 172.17.0.50 0.0.0.0
bb.schillseilacher.de Active Directory 172.17.0.50 172.17.0.60

4-3 Settings

Firewall Authentication
Session Timeout Never time out
Idle Timeout 2 hours
Allow unlimited concurrent firewall authentication logins from the same account Enabled
Default authentication server on the authentication page Firebox-DB
Automatically redirect users to the authentication page Disabled
Send a redirect to the browser after successful authentication Disabled

Management Session
Session Timeout 10 hours
Idle Timeout 15 minutes

4-4 Users and Groups

Users and Groups


Authentication Users and Groups
Name Type Authentication Server Description
BEOS-IPSEC Group Firebox-DB
Bechtle-IPSEC Group Firebox-DB
BeosNBG User Firebox-DB Beos Nuernberg
KoppJ User Firebox-DB Joerg Kopp (Olschewski MA)
MuK-Webfilter Group bb.schillseilacher.de
Olschewski Group Firebox-DB
Olschewski User Firebox-DB Herr Olschewski MAC-OS
Ovcharenko User Firebox-DB Igor Ovcharenko
PPTP Gaeste Group Firebox-DB Moegler Gastzugang ueber PPTP
PPTP-Normaler Benutzer Group Firebox-DB Normale PPTP Benutzer
PPTP-PowerUser Group Firebox-DB Benutzer die alles duerfen
Service-Partner Group Firebox-DB
VPN-Benutzer Group bb.schillseilacher.de
VPN-Benutzer-MFA Group schillseilacher.de
VPN-Bilgram Group bb.schillseilacher.de
VPN-DiehlES Group bb.schillseilacher.de
VPN-DiehlK Group bb.schillseilacher.de
VPN-Extern-MFA Group schillseilacher.de
VPN-iPhone Group bb.schillseilacher.de
VPN Group Firebox-DB
adstest User bb.schillseilacher.de test user
andricek User Firebox-DB alex
ansch User Firebox-DB Andreas Schick
beos User Firebox-DB beos servicezugang
beos1 User Firebox-DB
beos2 User Firebox-DB
laha User Firebox-DB HCD-Enrico
mawa User Firebox-DB Maik Wartenberg
ssbdiehles User bb.schillseilacher.de
vpn-benutzer Group bb.schillseilacher.de

4-5 Single Sign-On


Single Sign-On (SSO) with Active Directory


Disabled
Single Sign-On (SSO) with RADIUS
Disabled

4-6 Terminal Services


Disabled

5. VPN

5-1 Branch Office Gateways

Lobster-Data-VPN-GW Settings
Gateway Name Credential Method
Lobster-Data-VPN-GW Using Pre-shared Key

Gateway Endpoints
Local Interface Local Type Local ID Remote IP Remote Type Remote ID
1 T-Com_WAN IP Address 80.156.231.138 80.67.236.210 IP Address 80.67.236.210

Phase1 Settings
Version IKEv2
NAT Traversal
Status Enabled
Keep-alive Interval 30 seconds
Dead Peer Detection (RFC3706)
Status Enabled
Type Traffic-Based
Traffic idle timeout 20 seconds
Max retries 10

Transform Settings
Index Authentication Encryption SA Life Key Group
1 SHA2-256 AES (256-bit) 8 hours Diffie-Hellman Group 14

Nagarro DEFRA Settings


Gateway Name Credential Method
Nagarro DEFRA Using Pre-shared Key

Gateway Endpoints
Local Interface Local Type Local ID Remote IP Remote Type Remote ID
1 T-Com_WAN IP Address 80.156.231.138 109.234.191.7 IP Address 109.234.191.7

Phase1 Settings
Version IKEv2
NAT Traversal
Status Enabled
Keep-alive Interval 20 seconds
Dead Peer Detection (RFC3706)
Status Enabled
Type Traffic-Based
Traffic idle timeout 20 seconds
Max retries 5

Transform Settings
Index Authentication Encryption SA Life Key Group
1 SHA2-256 AES (256-bit) 1 day Diffie-Hellman Group 14

Ten_IT_VPN_Data_Domain Settings
Gateway Name Credential Method
Ten_IT_VPN_Data_Domain Using Pre-shared Key

Gateway Endpoints
Local Interface Local Type Local ID Remote IP Remote Type Remote ID
1 T-Com_WAN IP Address 80.156.231.138 85.158.5.162 IP Address 85.158.5.162

Phase1 Settings
Version IKEv2
NAT Traversal
Status Enabled
Keep-alive Interval 20 seconds
Dead Peer Detection (RFC3706)
Status Enabled
Type Traffic-Based
Traffic idle timeout 20 seconds
Max retries 5

Transform Settings
Index Authentication Encryption SA Life Key Group
1 SHA2-256 AES (256-bit) 1 day Diffie-Hellman Group 14

dacoso_gateway_darktrace Settings
Gateway Name Credential Method
dacoso_gateway_darktrace Using Pre-shared Key

Gateway Endpoints
Local Interface Local Type Local ID Remote IP Remote Type Remote ID
1 T-Com_WAN IP Address 80.156.231.138 78.138.124.140 IP Address 10.0.12.243

Phase1 Settings
Version IKEv2
NAT Traversal
Status Enabled
Keep-alive Interval 10 seconds
Dead Peer Detection (RFC3706)
Status Enabled
Type Traffic-Based
Traffic idle timeout 20 seconds
Max retries 3

Transform Settings
Index Authentication Encryption SA Life Key Group
1 8 hours Diffie-Hellman Group 20

5-2 Branch Office Tunnels

Nagarro DEFRA
Tunnel Name Gateway
Nagarro DEFRA Nagarro DEFRA

Tunnel routes
1 Local 80.67.237.159
Direction Local <==> Remote
Remote 10.169.58.0/24
1-to-1 NAT Disabled
DNAT Disabled

2 Local 80.67.237.238
Direction Local <==> Remote
Remote 10.169.58.0/24
1-to-1 NAT Disabled
DNAT Disabled

3 Local 172.17.0.0/16
Direction Local <==> Remote
Remote 109.234.190.64/26
1-to-1 NAT Disabled
DNAT Disabled

4 Local 172.17.0.0/16
Direction Local <==> Remote
Remote 10.169.58.0/24
1-to-1 NAT Disabled
DNAT Disabled

Phase2 Settings
PFS Enabled
Diffie-Hellman Group Diffie-Hellman Group 14
IPSec Proposals Nagarro

Dacoso_Darktrace_VPN
Tunnel Name Gateway
Dacoso_Darktrace_VPN dacoso_gateway_darktrace

Tunnel routes
1 Local 10.0.91.16/28
Direction Local <==> Remote
Remote 10.0.91.0/28
1-to-1 NAT Disabled
DNAT Disabled

Phase2 Settings
PFS Enabled
Diffie-Hellman Group Diffie-Hellman Group 20
IPSec Proposals phase2_proposal.Dacoso

tunnel.1
Tunnel Name Gateway
tunnel.1 Ten_IT_VPN_Data_Domain

Tunnel routes
1 Local 172.17.1.0/24
Direction Local <==> Remote
Remote 10.82.0.0/16
1-to-1 NAT Disabled
DNAT Disabled

Phase2 Settings
PFS Enabled
Diffie-Hellman Group Diffie-Hellman Group 14
IPSec Proposals ESP-AES256-SHA256

Lobster-DATA-Live238_Stage159
Tunnel Name Gateway
Lobster-DATA-Live238_Stage159 Lobster-Data-VPN-GW

Tunnel routes
1 Local 10.169.58.0/24
Direction Local <==> Remote
Remote 80.67.237.238
1-to-1 NAT Disabled
DNAT Disabled

2 Local 10.169.58.0/24
Direction Local <==> Remote
Remote 80.67.237.159
1-to-1 NAT Disabled
DNAT Disabled

3 Local 172.17.0.0/16
Direction Local <==> Remote
Remote 80.67.237.159
1-to-1 NAT Disabled
DNAT Disabled

4 Local 172.17.0.0/16
Direction Local <==> Remote
Remote 80.67.237.238
1-to-1 NAT Disabled
DNAT Disabled

Phase2 Settings
PFS Enabled
Diffie-Hellman Group Diffie-Hellman Group 14
IPSec Proposals Lobster

5-3 BOVPN Virtual Interfaces


Disabled

5-4 Phase2 Proposals

Phase2 Proposals
Name Description Editable
ESP-AES-SHA1 None No
ESP-AES-MD5 None No
ESP-3DES-SHA1 None No
ESP-3DES-MD5 None No
ESP-DES-SHA1 None No
ESP-DES-MD5 None No
ESP-AES256-SHA256 None No
ESP-AES128-SHA1 None No
ESP-AES128-GCM None No
ESP-AES192-GCM None No
ESP-AES256-GCM None No
BEOS-IPSEC_mu Created by Policy Manager Yes
Bechtle-IPSEC_mu Created by Policy Manager Yes
Lobster None Yes
Nagarro None Yes
Olschewski_mu Created by Policy Manager Yes
Service-Partner_mu Created by Policy Manager Yes
VPN-Benutzer-MFA_mu Created by Policy Manager Yes
VPN-Benutzer_mu Created by Policy Manager Yes
VPN-Bilgram_mu Created by Policy Manager Yes
VPN-DiehlES_mu Created by Policy Manager Yes
VPN-DiehlK_mu Created by Policy Manager Yes
VPN-Extern-MFA_mu Created by Policy Manager Yes
VPN-iPhone_mu Created by Policy Manager Yes
phase2_proposal.1 None Yes
phase2_proposal.Dacoso None Yes

Phase2 Proposals Detail


BEOS-IPSEC_mu
Type ESP
Authentication SHA1
Encryption AES 256-bit
Time 8 hours
Force Key Expiration
Traffic 128000 Kb

Bechtle-IPSEC_mu
Type ESP
Authentication SHA1
Encryption AES 256-bit
Time 8 hours
Force Key Expiration
Traffic 128000 Kb

Lobster
Type ESP
Authentication SHA2-256
Encryption AES 256-bit
Time 1 hour
Force Key Expiration
Traffic Disabled

Nagarro
Type ESP
Authentication SHA2-256
Encryption AES 256-bit
Time 1 hour
Force Key Expiration
Traffic Disabled

Olschewski_mu
Type ESP
Authentication SHA2-256
Encryption AES 256-bit
Time 8 hours
Force Key Expiration
Traffic Disabled

Service-Partner_mu
Type ESP
Authentication SHA2-256
Encryption AES 256-bit
Time 8 hours
Force Key Expiration
Traffic Disabled

VPN-Benutzer-MFA_mu
Type ESP
Authentication SHA2-256
Encryption AES 256-bit
Time 8 hours
Force Key Expiration
Traffic Disabled

VPN-Benutzer_mu
Type ESP
Authentication SHA1
Encryption AES 256-bit
Time 8 hours
Force Key Expiration
Traffic 128000 Kb

VPN-Bilgram_mu
Type ESP
Authentication SHA1
Encryption AES 256-bit
Time 8 hours
Force Key Expiration
Traffic 128000 Kb

VPN-DiehlES_mu
Type ESP
Authentication SHA1
Encryption AES 256-bit
Time 8 hours
Force Key Expiration
Traffic 128000 Kb

VPN-DiehlK_mu
Type ESP
Authentication SHA1
Encryption AES 256-bit
Time 8 hours
Force Key Expiration
Traffic 128000 Kb

VPN-Extern-MFA_mu
Type ESP
Authentication SHA2-256
Encryption AES 256-bit
Time 8 hours
Force Key Expiration
Traffic Disabled


VPN-iPhone_mu
Type ESP
Authentication SHA1
Encryption AES 256-bit
Time 1 hour
Force Key Expiration
Traffic 24576 Kb

phase2_proposal.1
Type ESP
Authentication
Encryption
Time 8 hours
Force Key Expiration
Traffic 128000 Kb

phase2_proposal.Dacoso
Type ESP
Authentication
Encryption
Time 1 hour
Force Key Expiration
Traffic Disabled

5-5 IKEv2 Shared Settings

IKEv2 Shared Settings


Phase1 Options
NAT Traversal Enabled
Keep-alive interval 20 seconds

Phase1 Transform Settings


Phase1 Transform Key Group
SHA2-256-AES (256-bit) Diffie-Hellman Group 14
SHA1-AES (256-bit) Diffie-Hellman Group 5
SHA1-AES (256-bit) Diffie-Hellman Group 2
SHA1-3DES Diffie-Hellman Group 2
- (256-bit) Diffie-Hellman Group 14

5-6 Mobile VPN with IPSec

Policy
Order Action Policy Name Log Alarm From To Port
1 Enabled VPN-iPhoneDNS Disabled Disabled VPN-iPhone Any 53
2 Enabled Tunnel-MFA-AlcatelTelefon Enabled Disabled VPN-Benutzer-MFA Any 7
3 Enabled Tunnel-AlcatelTelefon.1 Disabled Disabled VPN-Benutzer Any 7
4 Enabled VPN-DiehlES-Any Disabled Disabled VPN-DiehlES Any 0
5 Enabled VPN-DiehlK-Any Disabled Disabled VPN-DiehlK Any 0
6 Enabled VPN-Extern-MFA-Any Disabled Disabled VPN-Extern-MFA Any 0
7 Enabled Bechtle-IPSEC-Any Disabled Disabled Bechtle-IPSEC Any 0
8 Enabled BEOS-IPSEC-Any Enabled Disabled BEOS-IPSEC Any 0
9 Enabled VPN-iPhone-Any Disabled Disabled VPN-iPhone Any 0
10 Enabled VPN-Benutzer-Any Disabled Disabled VPN-Benutzer Any 0
11 Enabled Olschewski-Any Disabled Disabled Olschewski Any 0
12 Enabled Service-Partner-Any Disabled Disabled Service-Partner Any 0
13 Enabled VPN-Bilgram-Any Disabled Disabled VPN-Bilgram Any 0
14 Enabled Tunnel-RDP Disabled Disabled VPN-Benutzer Any 3389
15 Enabled Tunnel-DNS Enabled Disabled VPN-Benutzer Any 53
16 Disabled Tunnel-DHCP-Server Enabled Disabled VPN-Benutzer Any 67
17 Enabled Tunnel-AlcatelTelefon Enabled Disabled VPN-Benutzer Any 7
18 Enabled Tunnel-Https-SW-Netz Enabled Disabled VPN-Benutzer Any 80
19 Disabled Tunnel-Addison-Ports Enabled Disabled VPN-Benutzer Any 6001
20 Enabled Tunnel-SSH Enabled Disabled VPN-Benutzer Any 22
21 Enabled Tunnel-Tunnel Domino01 Port Enabled Disabled VPN-Benutzer Any 1352
22 Enabled Tunnel-OPAL_Lizens_Port.1 Enabled Disabled VPN-Benutzer Any 5160
23 Enabled VPN-Benutzer-MFA-Any Enabled Disabled VPN-Benutzer-MFA Any 0
24 Enabled Tunnel-MFA-RDP.1 Enabled Disabled VPN-Benutzer-MFA Any 3389
25 Enabled Tunnel-MFA-DNS Enabled Disabled VPN-Benutzer-MFA Any 53
26 Enabled Tunnel-MFA-DHCP-Server Enabled Disabled VPN-Benutzer-MFA Any 67
27 Enabled Tunnel-MFA-Addison-Ports Enabled Disabled VPN-Benutzer-MFA Any 6001
28 Enabled Tunnel-MFA-SSH Enabled Disabled VPN-Benutzer-MFA Any 22
29 Enabled Tunnel-OPAL_Lizens_Port Enabled Disabled VPN-Benutzer-MFA Any 5160

BEOS-IPSEC
Authentication Server Firebox-DB
Firebox IP Address 80.156.231.138
Timeout None
Tunnel Authentication Method Using Pre-shared Key
Force All Traffic Through Tunnel Disabled
Any-External
Allowed Resources 172.17.0.0/16
Connection mode Manual
Inactivity timeout Disabled

Bechtle-IPSEC
Authentication Server Firebox-DB
Firebox IP Address 80.156.231.138
Timeout None
Tunnel Authentication Method Using Pre-shared Key
Force All Traffic Through Tunnel Disabled
Any-External
Allowed Resources 0.0.0.0/0
Connection mode Manual
Inactivity timeout Disabled

Olschewski
Authentication Server Firebox-DB
Firebox IP Address 80.156.231.138
Timeout None
Tunnel Authentication Method Using Pre-shared Key
Force All Traffic Through Tunnel Disabled
Any-External
Allowed Resources 0.0.0.0/0
Connection mode Manual
Inactivity timeout Disabled

Service-Partner
Authentication Server Firebox-DB
Firebox IP Address 80.156.231.138
Timeout None
Tunnel Authentication Method Using Pre-shared Key
Force All Traffic Through Tunnel Disabled
Any-External
Allowed Resources 0.0.0.0/0
Connection mode Manual
Inactivity timeout Disabled

VPN-Benutzer
Authentication Server bb.schillseilacher.de
Firebox IP Address 80.156.231.138
Timeout None
Tunnel Authentication Method Using Pre-shared Key
Force All Traffic Through Tunnel Disabled
Any-External
Allowed Resources 0.0.0.0/0
Connection mode Manual
Inactivity timeout Disabled

VPN-Benutzer-MFA
Authentication Server schillseilacher.de
Firebox IP Address 80.156.231.138
Timeout 10 seconds
Tunnel Authentication Method Using Pre-shared Key
Force All Traffic Through Tunnel Disabled
Any-External
Allowed Resources 0.0.0.0/0
Connection mode Manual
Inactivity timeout Disabled

VPN-Bilgram
Authentication Server bb.schillseilacher.de
Firebox IP Address 80.156.231.138
Timeout None
Tunnel Authentication Method Using Pre-shared Key
Force All Traffic Through Tunnel Disabled
Any-External
Allowed Resources 0.0.0.0/0
Connection mode Manual
Inactivity timeout Disabled

VPN-DiehlES
Authentication Server bb.schillseilacher.de
Firebox IP Address 80.156.231.138
Timeout None
Tunnel Authentication Method Using Pre-shared Key
Force All Traffic Through Tunnel Disabled
Any-External
Allowed Resources 0.0.0.0/0
Connection mode Manual
Inactivity timeout Disabled

VPN-DiehlK
Authentication Server bb.schillseilacher.de
Firebox IP Address 80.156.231.138
Timeout None
Tunnel Authentication Method Using Pre-shared Key
Force All Traffic Through Tunnel Disabled
Any-External
Allowed Resources 0.0.0.0/0
Connection mode Manual
Inactivity timeout Disabled

VPN-Extern-MFA
Authentication Server schillseilacher.de
Firebox IP Address 80.156.231.138
Timeout 10 seconds
Tunnel Authentication Method Using Pre-shared Key
Force All Traffic Through Tunnel Disabled
Allowed Resources 172.17.0.0/16
Connection mode Manual
Inactivity timeout Disabled

VPN-iPhone
Authentication Server bb.schillseilacher.de
Firebox IP Address 80.156.231.138
Timeout None
Tunnel Authentication Method Using Pre-shared Key
Force All Traffic Through Tunnel Disabled
Any-External
Allowed Resources 0.0.0.0/0
Connection mode Manual
Inactivity timeout Disabled

5-7 Mobile VPN with SSL

Mobile VPN with SSL


Mobile VPN with SSL Disabled
Authentication Server None
Firebox IP Address 217.110.68.130
Force all client traffic through tunnel Enabled
Virtual IP Address Pool 192.168.113.0/24
IP Address Range None

5-8 Mobile VPN with L2TP


Disabled

5-9 VPN Settings

VPN Configuration
IPSec Settings
Enable IPSec pass-through Disabled
Enable TOS for IPSec Disabled
LDAP Server Settings for CRL
Enable LDAP Server for certificate verification Disabled
BOVPN Notification
Send SNMP trap Disabled
Send notification Disabled

6. System

6-1 Information

Device Configuration
Firebox Model M690
Name SUS-WG-Cluster-M690
Location
Contact
Time zone Brusels, Berlin, Bern, Rome, Stockholm, Vienna (GMT+01:00)

6-2 NTP

NTP Settings
NTP Server Names/IPs
time.google.com

Enable this device as an NTP server Enabled

6-3 SNMP

SNMP Settings
Version v1/v2c
Community String public

SNMP TRAPS
Version v2Trap

SNMP Management Stations


IP Address
172.17.0.101

Use NAT for connections through the SNMP application layer gateway Enabled

6-4 NetFlow
Disabled

6-5 WatchGuard Cloud

WatchGuard Cloud
WatchGuard Cloud Disabled

6-6 Managed Device

Centralized Management
Centralized Management Enabled [Management Server]

Management Server
Managed Device Name 172.17.0.7
Management Server IP Address(es) 172.17.0.96

Management Tunnel
Use an SSL Tunnel for Remote Management Disabled

6-7 Logging

WatchGuard Log Server


Send log messages to these WatchGuard Log Servers Enabled
Log Server 1
172.17.0.77 (Primary)
172.17.0.96 (Backup)

Syslog Server
Using Syslog Server Enabled

IP Address Port Log Format Description


172.17.0.93 514 Syslog

Syslog Server
IP Address 172.17.0.93
Port 514
Log Format Syslog
The time stamp Enabled
The serial number of the device Enabled
Alarm Local0
Traffic Local1
Event Local2
Diagnostic Local3
Performance Local4

Settings
Send log messages to Firebox Internal storage Enabled
Send external interface and VPN bandwidth statistics to log file Enabled
Send Security Services Statistics to log file Enabled
Send log messages when the configuration for this Firebox is changed Enabled
Enable logging for traffic sent from this device Enabled
Enable IKE packet tracing to Firebox internal storage Enabled

6-8 Diagnostic Log

Diagnostic Log
Trace Type Trace Level
Authentication Debug
Error
Error
FireCluster Error
Cluster Management Error
Cluster Operation Error
Cluster Event Monitoring Error
Cluster Transport Error
Firewall Error
FQDN Error
Management Error
Networking Information
DHCP Client Information
DHCP Server Information
PPP Information
PPPoE Information
Dynamic Routing Information
IPv6 Router Advertisement Information
Gateway Wireless Controller Information
Static Interface Information
Link Monitor Information
GRE Information
Network Diagnostics Information
Network Discovery Information
Proxy Error
Connection Framework Manager Error
Session Manager Error
DNS Error
FTP Error
H323 Error
HTTP Error
HTTPS Error
POP3 Error
SMTP Error
SIP Error
TCP-UDP Error
Security Subscriptions Error
Gateway AntiVirus Service and DLP Error
spamBlocker Error
WebBlocker Error
Reputation Enabled Defense Error
VPN Error
IKE Error
SSL Error
L2TP Error
Mobile Security Error
Device Information Manager Error
Endpoint Manager Error
DHCP Fingerprinting Error

6-9 Global Settings

General
Web UI Port 8080
Schedule time for reboot Disabled
Device Feedback Disabled
Fault Report Disabled
Enable more than one Device Administrator to log in at the same time Enabled

Networking
ICMP Error Handling
Fragmentation Req (PMTU) Enabled
Host Unreachable Enabled
Timeout Enabled
Port Unreachable Enabled
Network Unreachable Enabled
Protocol Unreachable Enabled

Enable TCP SYN Checking Disabled
TCP Connection Idle Timeout 1 hour
TCP Maximum Segment Size Control Auto Adjustment
TCP MTU Probing Disabled
Traffic Management and QoS Disabled
Traffic Flow Disabled

6-10 Technology Integrations

Autotask
Disabled
ConnectWise
Disabled
Tigerpaw
Disabled

6-11 Logon Disclaimer

Disabled

6-12 Users and Roles

Settings
Account Lockout
Enable account lockout Disabled

6-13 FireCluster

Properties
Status Enabled
Mode Active/Passive
ID 50
Load-balance Method Least Connection
Primary Cluster Interface 9 (Optional-8)
Backup Cluster Interface Disabled
Interface for Management IP Address 1 (S+S LAN)
Monitored Interface 1 (S+S LAN), 2 (S+S DMZ), 4 (DMZ-WLAN), 5 (IPPhone), 6 (T-Com_WAN), 7 (SuS_Labor), 0 ()
Lost Heartbeat Threshold 3
Monitor Hardware Disabled

Send Notification
Send Notification
Send SNMP trap Disabled
Send notification Email
Launch interval 15 minutes
Repeat count 10

Members
Member Name Member1
Member ID C03C0294A9663
Primary Cluster IP Address 169.254.0.1/30
Backup Cluster IP Address 0.0.0.0/0
Management IP Address 172.17.5.253/16

Member Name Member2
Member ID C03C02A6DEC22
Primary Cluster IP Address 169.254.0.2/30
Backup Cluster IP Address 0.0.0.0/0
Management IP Address 172.17.5.254/16
